On Sat, Aug 3, 2013 at 1:34 PM, Paul Wise <p...@debian.org> wrote:
> On Sat, Aug 3, 2013 at 12:30 PM, Ian Campbell wrote:
>
> > Did debian-devel have not this same conversation not so long ago? I'm
> > getting that deja vu feeling...
>
> Yes:
>
> http://lists.debian.org/1349911198.3341.117.ca...@fermat.scientia.net
>
> I probably should have searched the archives before posting, sorry.

JFTR (from re-reading the dejavu :) I think it's useless to upgrade to SHA512 (or SHA-3), but at the same time I think we should drop MD5/SHA-1 in .changes/.dsc files (and Release.gpg).

Using MD5 for debsums is just fine - the algorithm there needs different properties and any good checksum algorithm would do. (Even CRC-32 or Adler-32 would be fine, I guess...)

O.
--
Ondřej Surý <ond...@sury.org>
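
The following is an added example, not part of the original message and not code from dpkg or apt: a small verifier for the `Files`, `Checksums-Sha1` and `Checksums-Sha256` fields of a .dsc/.changes-style stanza that checks a file against the strongest digest listed and rejects entries that carry only MD5 or SHA-1. The function names, the `STRONG` policy set and the sample stanza are assumptions constructed for illustration.

```python
import hashlib

# Control-file field -> hashlib name, weakest first ("Files" carries MD5).
FIELDS = [("Files", "md5"), ("Checksums-Sha1", "sha1"), ("Checksums-Sha256", "sha256")]
STRONG = {"sha256"}  # assumption: local policy treats only SHA-256 as acceptable

def parse_checksums(stanza):
    """Return {field: {filename: (hexdigest, size)}} for the checksum fields."""
    known, result, current = dict(FIELDS), {}, None
    for line in stanza.splitlines():
        if line[:1] in (" ", "\t"):              # continuation of a multi-line field
            parts = line.split()
            if current and len(parts) >= 3:
                # digest and size come first, the file name last (.changes adds
                # section and priority in between on "Files" lines)
                result[current][parts[-1]] = (parts[0].lower(), int(parts[1]))
        else:
            name = line.split(":", 1)[0]
            current = name if name in known else None
            if current:
                result.setdefault(current, {})
    return result

def verify(stanza, filename, data):
    """Check data against the strongest digest listed; reject weak-only entries."""
    sums = parse_checksums(stanza)
    for field, algo in reversed(FIELDS):         # strongest first
        entry = sums.get(field, {}).get(filename)
        if entry is None:
            continue
        if algo not in STRONG:
            return False, f"only {algo} listed"
        digest, size = entry
        ok = len(data) == size and hashlib.new(algo, data).hexdigest() == digest
        return ok, f"{algo} {'match' if ok else 'mismatch'}"
    return False, "no checksum listed"

def make_stanza(filename, data, fields):
    """Build a constructed .dsc-style stanza listing data under the given fields."""
    lines = ["Format: 3.0 (quilt)", "Source: example"]
    for field, algo in FIELDS:
        if field in fields:
            lines += [f"{field}:", f" {hashlib.new(algo, data).hexdigest()} {len(data)} {filename}"]
    return "\n".join(lines)

if __name__ == "__main__":
    data = b"constructed tarball bytes"
    full = make_stanza("example_1.0.tar.gz", data, {"Files", "Checksums-Sha1", "Checksums-Sha256"})
    legacy = make_stanza("example_1.0.tar.gz", data, {"Files", "Checksums-Sha1"})
    print(verify(full, "example_1.0.tar.gz", data))
    print(verify(legacy, "example_1.0.tar.gz", data))
    print(verify(full, "example_1.0.tar.gz", data + b"!"))
```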