Ansgar Burchardt <ans...@debian.org> writes: > Russ Allbery writes:
>> If so, I think that security model is roughly equivalent to the >> automatic signing of binary packages by buildds, so probably doesn't >> introduce a new vulnerability, > It doesn't rely on strong cryptographic hashes to guarantee integrity. > To quote Wikipedia: > +--- > | Revision control systems such as Git, Mercurial, and Monotone use > | SHA-1 not for security but to identify revisions and to ensure that > | the data has not changed due to accidental corruption. > +---[ https://en.wikipedia.org/wiki/SHA-1#Data_integrity ] > But developers could instead just sign artifacts using a strong > cryptographic hash that will be included in the source package; for > example the .orig.tar and .debian.tar which can be made reproducible > (git-archive is supposed to be reproducible; compression might not be so > just sign the uncompressed version). > We shouldn't go back to trusting SHA-1. I'm dubious that we really care that much about a preimage attack on SHA-1, but sure, if there's some easy way to use something different, that would be more future-proof. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
