On 2008-12-16, Martin Schrvder <mar...@oneiros.de> wrote:
> 2008/12/15 Marc Espie <es...@nerim.net>:
>> Heck, we're further along the curve than most others. If you look closely at
>
><cough>
> OpenSUSE has signed packages and signed repos for years. So have many
> other Linux distros.
>
> OpenBSD is still debating md5s of packages in 2008.
Who said anything about md5?
We already use sha256 internally in plist.
On 2008-12-15, Marc Espie <es...@nerim.net> wrote:
> Heck, we're further along the curve than most others. If you look closely at
> how packages are built, you can do signatures on the run, since only the
> packing-list needs to be signed, as *everything else* is checksummed already
> with a decent hash algorithm.
^^^^^^
