Hi,

Nicolas George wrote:
> Signing a bunch of hashes is a beginner's mistake,

You have unsurpassable objections against variants which might not
much weaken the strength of PGP ?
Not even willing to consider the constraints of such variants ?

I assume this was discussed among DDs and they weighed their options.

> I rely on Debian packagers to be on the watch.

Despite leading developers making "beginner's mistakes" ?

Well, Debian allows me to package my own upstream. My sponsor looks
at the Debian specific aspects of packaging, not at my source code.
(Dominique, please correct me if i'm wrong.)

There are dozens of package updates every day. Have a look at the
"Needs-Build" list of the SH4 ghost fleet:
https://buildd.debian.org/status/architecture.php?a=sh4&suite=sid
(Yamato and Tirpitz are on cruise, currently. Huso is stuck in pack
ice. First tries of packages with known short build times seem to be
preferred. libburn passes after only a few hours.)

Given the fact how hard it is to find a dedicated DD or DM for new
upstream packages, i cannot imagine that many such packages get a
special security audit by Debian.

Look at the archives of debian-mentors mailing list. The heroes there
criticise many oddities and software release sins. But in the 5 months
since i am watching, i saw not a single objection because of upstream
source code flaws. (And there are many, i am sure. Just count mine.)

> I blame you for giving advice without knowing the problem.

Please google "fdupes".

> Ever heard of cache?

200 GB ? I only have 16 GB RAM.

> > (The polynomials should at least not be multiples of each other.)

> The polynomials must be irreducible to yield a correct CRC32.
> That rules out them being multiples of each other.

So you found a widening of my "at least".
(May i criticise in reply the fuzziness of the term "correct" ?)

> If the files are large, I would suggest to use a sparse hash function,

Does this advice count as pot-kettle-black incident ?
After all you make assumptions about the files' content similarities
or the lack thereof.

Have a nice day :)

Thomas