Gentoo Archives: gentoo-dev

From: "Paweł Hajdan
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] integrity of stage files
Date: Sat, 08 Oct 2011 21:46:02
Message-Id: 4E90C45E.7020203@gentoo.org
I checked
<http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=5>
and the Handbook only mentions validating MD5 checksums.

There are two possible issues:

1. Why are we using _only_ MD5 and SHA1 as the checksums? Shouldn't we
be using something stronger?

2. I noticed the checksums are signed (.asc files). With what key are
they signed? How is that key handled, and how to ensure people use the
right key when verifying the signature?

Paweł

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-dev] integrity of stage files "Robin H. Johnson" <robbat2@g.o>