List Archive: gentoo-dev
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On 10/8/11 3:43 PM, Robin H. Johnson wrote:
>> 1. Why are we using _only_ MD5 and SHA1 as the checksums? Shouldn't we
>> be using something stronger?
> Fixed in Catalyst now.
> So when the stagebuilders update their Catalyst, they will be generated
> with newer hashes.
Thank you for a quick reaction, but maybe in one aspect it was too
tells people to use md5sum, and the patch above _removes_ md5 sum, which
means the Handbook instructions now won't work.
Suggested course of action:
1. Please re-add md5 sum.
2. File a bug to modify the handbook to verify sha sum instead.
3. Then remove the checksum.
>> 2. I noticed the checksums are signed (.asc files). With what key are
>> they signed? How is that key handled, and how to ensure people use the
>> right key when verifying the signature?
> Documented here:
Ah, I just forgot about that page. Okay, so can we also update the
Handbook to include GPG signature checking?