> It might be worth approaching from a pragmatic perspective... why
> generate SHA-512 checksums when you're only going to be signing a
> SHA-256 digest of that list (that is unless you want to alienate
> users of OpenPGP-compliant tools which don't implement optional
> algorithms). Is it because you feel SHA-512 is more
> tamper-resistant, or because you're worried that you might wind up
> with two entries accidentally colliding over the same SHA-256 hash
> (which is pretty unlikely statistically speaking, and even then may
> not be particularly relevant depending on the use case for the
> hashes).

Care to make a point for the gpg stuff around it within bug #612657?

--
bye, Joerg
<snooze02> are jabber and icq 2 different networks?