Code review comment for lp:~xnox/debian-cd/add_secured-fixes

Revision history for this message
Dimitri John Ledkov (xnox) wrote :


On Sat, 20 Jun 2020, 20:34 Steve Langasek, <email address hidden>

> why would we want to specifically drop sha512 generation, rather than
> letting it be present but unused?

Currently archive generates md5, sha1, sha256. Whilst cdimage generates
md5, sha1, sha256, sha512. Apt downloads/validates all hashes, even if it
considers them insecure. I have separately asked LP to stop generating

Imho, we should be consistent.

Are you saying we should switch to sha512 by default?

Especially since it is faster on 64bit platforms than sha256.



« Back to merge proposal