Philipp Kern wrote:
> On 2010-03-03, Wouter Verhelst <wou...@debian.org> wrote:
>> This is where I disagree. When a checksum algorithm is compromised (and
>> MD5 *is* compromised), things only ever get worse, not better. Indeed,
>> MD5 preimage attacks are pretty hard *today*. But switching to something
>> more secure in preparation for the day when MD5 will be easily cracked
>> by every script kiddo around is *not* overkill.
>
> Sure, but to be honest, not even all packages managed to generate md5sums
> 'till now (with some quite core, omnipresent packages missing) so it seems out
> of scope for squeeze. Maybe squeeze+1.

I think it's about time to require generating checksums for packages and to make all packages which do not do so RC buggy.

-- 
Bernd Zeimetz                            Debian GNU/Linux Developer
http://bzed.de                                http://www.debian.org
GPG Fingerprints: 06C8 C9A2 EAAD E37E 5B2C BE93 067A AD04 C93B FF79
                  ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F

Archive: http://lists.debian.org/4b8eb3b6.4070...@bzed.de