Hi Matt, On Tue, Apr 5, 2022 at 8:58 PM Matt Turner <matts...@gentoo.org> wrote: > This was a topic in June 2021's Council meeting: > > https://gitweb.gentoo.org/sites/projects/council.git/tree/meeting-logs/20210613-summary.txt#n33 > https://gitweb.gentoo.org/sites/projects/council.git/tree/meeting-logs/20210613.txt#n137 > > Basically there was no great reason presented for making the change > and some (IMO specious) reasons for keeping multiple hashes. I don't > think anyone felt strongly enough about removing one hash to fight for > it.
Huh. Something not brought up there or https://bugs.gentoo.org/784710 is the fact that the _security_ of the system reduces to SHA-512 as used by our GPG signatures. By the way, we're not currently _checking_ two hash functions during src_prepare(), are we? Jason
