Hi,

> Back during the 2017 discussion, Infra came to the conclusion that we're
> going to keep SHA512 for a transition period, then remove it, and stay
> with a single hash algorithm. In my opinion, we have kept it long
> enough.
>
> WDYT?

As far as I remember, we agreed to keep two different hashes.
The idea is that if one hash is no longer safe to use, we still have a
short period for migration.

If we use only one hash, Gentoo is vulnerable to "sudden problems". The
everyday news shows us that broken implementations are possible and that
this scenario is likely to happen over the years.

The benefit of removing the second hash is negligible.
So we should keep two different hashes.

--
Best,
Jonas