Dimitri John Ledkov <x...@debian.org> writes:

> Huh, I'm not quite sure that multiple hashes actually gain us anything
> at all in terms of compromisation, since ultimately all our archive
> metadata is protected by a single hash only.
>
> Whilst replacing individual files & simultaneously matching multiple
> hash algorithms, is an interesting problem. It's much more interesting
> to match SHA256 of Release file such that Release.gpg validates, then
> you can replace /all/ files with valid checksums across the board. Or
> otherwise generate/break the archive signing key.

Ah, yes, excellent point. So yes, other than backward compatibility, I
see no reason to keep any hash other than the hash we're also using for
the GnuPG signature.

-- 
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>

Archive: https://lists.debian.org/87y4vvy0wa....@windlord.stanford.edu
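The trust chain the thread is arguing about, as an added example that is not part of this thread or of any Debian tool: a small Python verifier that walks Release -> Packages -> .deb over a constructed miniature archive. The Release.gpg signature is modelled as a trusted SHA-256 digest of Release (an assumption made so the example runs without GnuPG); file paths and contents are constructed sample values.

```python
import hashlib
# Constructed sample archive, not real Debian content. The GnuPG signature on
# Release is modelled as a trusted SHA-256 digest of Release (what Release.gpg commits to).
DEB_PATH = "pool/main/e/example/example_1.0-1_amd64.deb"
PACKAGES_PATH = "main/binary-amd64/Packages"
BLOCKS = {"MD5Sum:": "md5", "SHA256:": "sha256"}   # Release block header -> hashlib name

def build_packages(deb: bytes) -> bytes:
    # One Packages stanza carrying two digests of the .deb, as the archive does.
    return (f"Package: example\nFilename: {DEB_PATH}\nSize: {len(deb)}\n"
            f"MD5sum: {hashlib.md5(deb).hexdigest()}\nSHA256: {hashlib.sha256(deb).hexdigest()}\n\n").encode()

def build_release(packages: bytes) -> bytes:
    # Release lists each index file once per algorithm block.
    entry = f"{len(packages)} {PACKAGES_PATH}"
    return (f"Origin: Example\nSuite: stable\nMD5Sum:\n {hashlib.md5(packages).hexdigest()} {entry}\n"
            f"SHA256:\n {hashlib.sha256(packages).hexdigest()} {entry}\n").encode()

def parse_release(release: bytes) -> dict:
    # {path: {alg: hexdigest}}; an indented line belongs to the currently open block.
    hashes, alg = {}, None
    for line in release.decode().splitlines():
        if line in BLOCKS:
            alg = BLOCKS[line]
        elif line.startswith(" ") and alg:
            digest, _size, path = line.split()
            hashes.setdefault(path, {})[alg] = digest
        else:
            alg = None
    return hashes

def parse_packages(packages: bytes) -> dict:
    # {Filename: {alg: hexdigest}} for every stanza that names a file.
    out = {}
    for stanza in packages.decode().split("\n\n"):
        f = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        if "Filename" in f:
            out[f["Filename"]] = {a: f[k] for k, a in (("MD5sum", "md5"), ("SHA256", "sha256")) if k in f}
    return out

def digests_match(expected: dict, data: bytes) -> bool:
    # Every algorithm the index lists must match; a file the index does not list is rejected.
    return bool(expected) and all(hashlib.new(a, data).hexdigest() == d for a, d in expected.items())

def release_digest(release: bytes) -> str:
    return hashlib.sha256(release).hexdigest()  # the value the Release signature covers

def verify_chain(trusted: str, release: bytes, packages: bytes, deb: bytes) -> bool:
    # Release -> Packages -> .deb: every link hangs off the single trusted digest of Release.
    return (release_digest(release) == trusted
            and digests_match(parse_release(release).get(PACKAGES_PATH, {}), packages)
            and digests_match(parse_packages(packages).get(DEB_PATH, {}), deb))
```

Listing both MD5 and SHA256 in Packages changes nothing about which index is accepted: a re-issued Release with matching digests for a tampered file is rejected only because its digest no longer equals the trusted one, so the chain is exactly as strong as the hash the signature covers.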