Dimitri John Ledkov <[email protected]> writes: > Huh, I'm not quite sure that multiple hashes actually gain us anything > at all in terms of compromisation, since ultimately all our archive > metadata is protected by a single hash only.
> Whilst replacing individual files & simultaneously matching multiple > hash algorithms, is an interesting problem. It's much more interesting > to match SHA256 of Release file such that Release.gpg validates, then > you can replace /all/ files with valid checksums across the board. Or > otherwise generate/break the archive signing key. Ah, yes, excellent point. So yes, other than backward compatibility, I see no reason to keep any hash other than the hash we're also using for the GnuPG signature. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
