On Wed, 2010-03-03 at 11:37 +0000, Philipp Kern wrote: > On 2010-03-03, Wouter Verhelst <wou...@debian.org> wrote: > > This is where I disagree. When a checksum algorithm is compromised (and > > MD5 *is* compromised), things only ever get worse, not better. Indeed, > > MD5 preimage attacks are pretty hard *today*. But switching to something > > more secure in preparation for the day when MD5 will be easily cracked > > by every script kiddo around is *not* overkill. > > Sure, but to be honest, not even all packages managed to generate md5sums > 'till now (with some quite core, omnipresent packages missing) so it seems out > of scope for squeeze. Maybe squeeze+1.
What about a transitional dh_md5sums that would produce md5sum AND invoke dh_sha ? Franklin -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1267650344.8266.262.ca...@solid.paris.klabs.be
