On 25/10/2017 14:32, Hanno Böck wrote:
> Good security includes reducing complexity. Tough (as evident by this
> thread) it's a thought many people find hard to accept.
>
> This thread is going into a completely different direction and I find
> that worriesome. We have two non-problems ("what if secure hash X gets
> broken?" and "what if it's too slow? I haven't benchmarked, but what if
> it's too slow??") and people proposing increasingly complex solutions.
>
> If you do what you propose my worries aren't that any hash gets broken
> or that it's too slow. It's that some bug will chime in where in some
> situation no hash gets checked whatsoever.+1 I consider the multiple hashes we have a part of providing smooth migration path (keeping around hashes supported by older portage versions). Other than that, yeah, watch out for complexity. Paweł
signature.asc
Description: OpenPGP digital signature
