Gentoo Logo

About | Projects | Docs | Forums | Lists | Bugs | Get Gentoo! | Support | Planet | Wiki

Gentoo Spaceship
Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-dev
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-dev@g.o
From: "Paweł Hajdan, Jr." <phajdan.jr@g.o>
Subject: integrity of stage files
Date: Sat, 08 Oct 2011 14:45:02 -0700 
I checked
<http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=5>
and the Handbook only mentions validating MD5 checksums.

There are two possible issues:

1. Why are we using _only_ MD5 and SHA1 as the checksums? Shouldn't we
be using something stronger?

2. I noticed the checksums are signed (.asc files). With what key are
they signed? How is that key handled, and how to ensure people use the
right key when verifying the signature?

Paweł
Attachment:
signature.asc (OpenPGP digital signature)
Replies:
Re: integrity of stage files
-- Robin H. Johnson
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
GCC upgrades, FUD and gentoo documentation
Next by thread:
Re: integrity of stage files
Previous by date:
Re: Lastrite: media-gfx/pngcrush
Next by date:
Re: Lastrite: media-gfx/pngcrush


Updated Jun 29, 2012

Summary: Archive of the gentoo-dev mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.