On Wed, 2023-01-25 at 21:44:27 +0000, James Addison wrote: > Package: dpkg > Version: 1.21.18 > Followup-For: Bug #1028961 > > Are SHA224 and SHA384 used widely by dpkg and/or Debian?
I'd expect all (?) signatures for packaging artifacts in Debian to be SHA512. This change sets an explicit preference list, so that in case more secure digest algorithms are unavailable for whatever reason, we do not end up falling back directly into worse ones. Thanks, Guillem
