Hi,
Back during the 2017 discussion, Infra came to the conclusion that we're
going to keep SHA512 for a transition period, then remove it, and stay
with a single hash algorithm. In my opinion, we have kept it long
enough.
WDYT?
As far as I remember, we agreed to keep two different hashes.
The idea is that if one hash is no longer safe to use, we still have a
short period for migration.
If we use only one hash, Gentoo is vulnerable to "sudden problems". The
everyday news shows us that broken implementations are possible and that
this scenario is likely to happen over the years.
The benefit of removing the second hash is negligible.
So we should keep two different hashes.
--
Best,
Jonas