List Archive: gentoo-dev
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
and the Handbook only mentions validating MD5 checksums.
There are two possible issues:
1. Why are we using _only_ MD5 and SHA1 as the checksums? Shouldn't we
be using something stronger?
2. I noticed the checksums are signed (.asc files). With what key are
they signed? How is that key handled, and how to ensure people use the
right key when verifying the signature?