On Wed, Mar 03, 2010 at 08:34:27AM +0000, Philipp Kern wrote: > On 2010-03-03, Neil Williams <codeh...@debian.org> wrote: > > Changing to SHA won't help. I'm for ditching all md5sums from packages. > > It's not a lot of disc space gained but it does give a false sense of > > security or 'insurance' if you want to avoid the more formal meaning of > > 'security'. > > Please don't. It's not about security. It's about being able to detect > corruption. Also it is very helpful when recovering from ext4 root FS > corruption after a sudden power loss. Sure, you cannot guarantee that > the md5 store isn't corrupted too but if it isn't then debsums is > helpful.
Very much agreed. Please do not remove the md5sums - even better, I'm all for requiring md5sums (the cost to do so is, I think, insignificant) because they are very helpful for the above purpose. iustin -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100303212646.gb9...@teal.hq.k1024.org
