Thijs Kinkhorst <th...@debian.org> writes:
> On Saturday 12 June 2010, Russ Allbery wrote:

>> + <p>
>> + These fields contain a list of files with a checksum and size
>> + for each one. Both <tt>Checksums-Sha1</tt>
>> + and <tt>Checksums-Sha256</tt> have the same syntax and differ
>> + only in the checksum algorithm used: SHA-1
>> + for <tt>Checksums-Sha1</tt> and SHA-256
>> + for <tt>Checksums-Sha256</tt>.
>> + </p>

> What's the use of having both fields at the same time? I can see the
> desire to aid compatibility by leaving the Files: section in, but adding
> two new Checksums fields at the same time seems superfluous to
> me. What's the advantage of having both over just adding
> Checksums-Sha256 and forgetting about Checksums-Sha1?

That's probably best addressed to the dpkg maintainers, since we're mostly
documenting work that was already done and bringing Policy up to date with
what the tools do.

The one reason that I can think of off-hand is that if one is protecting
against theoretical collision or preimage attacks, it's much harder to
generate collisions simultaneously in two different hash functions than in
just one.

-- 
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
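
Review bot: The added paragraph says the two fields "have the same syntax and differ only in the checksum algorithm used" but never states whether both must be present or whether either may appear alone, which is exactly the question the reply raises. Suggest adding a sentence after "for <tt>Checksums-Sha256</tt>." that says which of the fields are required and that the file list and sizes given in each must agree, so that a consumer knows how to treat a file that matches one field but not the other.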
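
The check that the reply's reasoning implies, accepting a file only when it matches both digests, as an added example that is not part of the original message and is not dpkg's code. It assumes the per-line layout of checksum, size and file name that Debian control files use for these fields; the stanza, file name and helper names are constructed for illustration.

```python
import hashlib

# Field name -> hashlib algorithm, as named in the quoted Policy text.
ALGOS = {"Checksums-Sha1": "sha1", "Checksums-Sha256": "sha256"}

def parse_checksums(stanza):
    """Return {field: {filename: (hex_digest, size)}} for the Checksums-* fields."""
    fields, current = {}, None
    for line in stanza.splitlines():
        if line[:1] in (" ", "\t"):            # continuation line of the current field
            if current in ALGOS and line.strip():
                digest, size, name = line.split()
                fields[current][name] = (digest.lower(), int(size))
        elif ":" in line:                      # start of a new field
            current = line.split(":", 1)[0]
            if current in ALGOS:
                fields[current] = {}
    return fields

def verify(stanza, files):
    """Check each file against every Checksums-* field; return a list of problems."""
    fields = parse_checksums(stanza)
    problems = [f"{f}: field missing" for f in ALGOS if f not in fields]
    names = set().union(*fields.values())      # every file named in any field
    for field, entries in fields.items():
        for name in sorted(names):
            if name not in entries:            # listed in one field but not the other
                problems.append(f"{field}: no entry for {name}")
                continue
            digest, size = entries[name]
            data = files.get(name)
            if data is None:
                problems.append(f"{field}: {name} not available")
            elif len(data) != size:
                problems.append(f"{field}: size mismatch for {name}")
            elif hashlib.new(ALGOS[field], data).hexdigest() != digest:
                problems.append(f"{field}: digest mismatch for {name}")
    return problems

# Constructed sample: one file and a stanza built from its real digests.
SAMPLE_FILES = {"hello_1.0.tar.gz": b"constructed sample payload\n"}

def make_stanza(files):
    lines = ["Source: hello"]
    for field, algo in ALGOS.items():
        lines.append(f"{field}:")
        for name, data in files.items():
            lines.append(f" {hashlib.new(algo, data).hexdigest()} {len(data)} {name}")
    return "\n".join(lines)

SAMPLE_STANZA = make_stanza(SAMPLE_FILES)
```

An empty list from `verify` means every listed file matched its size and both digests; any entry in the list is a reason to reject the upload.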