From: | Ulrich Mueller <ulm@g.o> | ||
---|---|---|---|
To: | "Jason A. Donenfeld" <zx2c4@g.o> | ||
Cc: | Sam James <sam@g.o>, gentoo-dev@l.g.o, "Michał Górny" <mgorny@g.o>, Matt Turner <mattst88@g.o> | ||
Subject: | Re: [gentoo-dev] proposal: use only one hash function in manifest files | ||
Date: | Wed, 06 Apr 2022 16:38:24 | ||
Message-Id: | uh7764176@gentoo.org | ||
In Reply to: | Re: [gentoo-dev] proposal: use only one hash function in manifest files by "Jason A. Donenfeld" |
1 | >>>>> On Wed, 06 Apr 2022, Jason A Donenfeld wrote: |
2 | |
3 | > Why? Then we're dependent on two things, either of which could break, |
4 | > rather than one. |
5 | |
6 | See? If either of these should happen, then we'll be happy that we still |
7 | have both hashes in our Manifest files. |
8 | |
9 | OTOH, if that argument is not relavant because the probability of both |
10 | is close to zero, then (from a security POV) it doesn't matter which of |
11 | the two hashes we remove. |
12 | |
13 | Ulrich |
File name | MIME type |
---|---|
signature.asc | application/pgp-signature |
Subject | Author |
---|---|
Re: [gentoo-dev] proposal: use only one hash function in manifest files | "Jason A. Donenfeld" <zx2c4@g.o> |