Archives
Archives
| From: | Ulrich Mueller <ulm@g.o> | ||
|---|---|---|---|
| To: | "Jason A. Donenfeld" <zx2c4@g.o> | ||
| Cc: | Sam James <sam@g.o>, gentoo-dev@l.g.o, "Michał Górny" <mgorny@g.o>, Matt Turner <mattst88@g.o> | ||
| Subject: | Re: [gentoo-dev] proposal: use only one hash function in manifest files | ||
| Date: | Wed, 06 Apr 2022 16:38:24 | ||
| Message-Id: | uh7764176@gentoo.org | ||
| In Reply to: | Re: [gentoo-dev] proposal: use only one hash function in manifest files by "Jason A. Donenfeld" |
||
| 1 | >>>>> On Wed, 06 Apr 2022, Jason A Donenfeld wrote: |
| 2 | |
| 3 | > Why? Then we're dependent on two things, either of which could break, |
| 4 | > rather than one. |
| 5 | |
| 6 | See? If either of these should happen, then we'll be happy that we still |
| 7 | have both hashes in our Manifest files. |
| 8 | |
| 9 | OTOH, if that argument is not relavant because the probability of both |
| 10 | is close to zero, then (from a security POV) it doesn't matter which of |
| 11 | the two hashes we remove. |
| 12 | |
| 13 | Ulrich |
| File name | MIME type |
|---|---|
| signature.asc | application/pgp-signature |
| Subject | Author |
|---|---|
| Re: [gentoo-dev] proposal: use only one hash function in manifest files | "Jason A. Donenfeld" <zx2c4@g.o> |