Code review comment for lp:~xnox/debian-cd/add_secured-fixes
Revision history for this message
| Dimitri John Ledkov (xnox) wrote | # |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
Hi,
On Sat, 20 Jun 2020, 20:34 Steve Langasek, <email address hidden>
wrote:
> why would we want to specifically drop sha512 generation, rather than
> letting it be present but unused?
>
Currently archive generates md5, sha1, sha256. Whilst cdimage generates
md5, sha1, sha256, sha512. Apt downloads/validates all hashes, even if it
considers them insecure. I have separately asked LP to stop generating
md5/sha1.
Imho, we should be consistent.
Are you saying we should switch to sha512 by default?
Especially since it is faster on 64bit platforms than sha256.
Regards,
Dimitri.