From: | "Paweł Hajdan |
---|---|
To: | gentoo-dev@l.g.o |
Subject: | [gentoo-dev] integrity of stage files |
Date: | Sat, 08 Oct 2011 21:46:02 |
Message-Id: | 4E90C45E.7020203@gentoo.org |
1 | I checked |
2 | <http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=5> |
3 | and the Handbook only mentions validating MD5 checksums. |
4 | |
5 | There are two possible issues: |
6 | |
7 | 1. Why are we using _only_ MD5 and SHA1 as the checksums? Shouldn't we |
8 | be using something stronger? |
9 | |
10 | 2. I noticed the checksums are signed (.asc files). With what key are |
11 | they signed? How is that key handled, and how to ensure people use the |
12 | right key when verifying the signature? |
13 | |
14 | Paweł |
File name | MIME type |
---|---|
signature.asc | application/pgp-signature |
Subject | Author |
---|---|
Re: [gentoo-dev] integrity of stage files | "Robin H. Johnson" <robbat2@g.o> |