* Anthony Towns: > (I'm amazed the security "crisis" we're having is about deb sigs > *again*, when we're still relying on md5sum which has a public exploit > available now...)
These exploits are irrelevant as far as the Debian archive is concerned. (And that's not because hardly any sarge user verifies the MD5 hashes, by the way. 8-) Moving away from MD5 is certainly not a bad idea, but it's not clear whether the alternatives are any better. Sure, everyone recommends SHA-256 at this stage, but nobody can give a rationale. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
