Archives
Archives
| From: | "Paweł Hajdan |
|---|---|
| To: | gentoo-dev@l.g.o |
| Subject: | [gentoo-dev] integrity of stage files |
| Date: | Sat, 08 Oct 2011 21:46:02 |
| Message-Id: | 4E90C45E.7020203@gentoo.org |
| 1 | I checked |
| 2 | <http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=5> |
| 3 | and the Handbook only mentions validating MD5 checksums. |
| 4 | |
| 5 | There are two possible issues: |
| 6 | |
| 7 | 1. Why are we using _only_ MD5 and SHA1 as the checksums? Shouldn't we |
| 8 | be using something stronger? |
| 9 | |
| 10 | 2. I noticed the checksums are signed (.asc files). With what key are |
| 11 | they signed? How is that key handled, and how to ensure people use the |
| 12 | right key when verifying the signature? |
| 13 | |
| 14 | Paweł |
| File name | MIME type |
|---|---|
| signature.asc | application/pgp-signature |
| Subject | Author |
|---|---|
| Re: [gentoo-dev] integrity of stage files | "Robin H. Johnson" <robbat2@g.o> |