On Sat, 20 Jun 2020, 20:34 Steve Langasek, <email address hidden>
wrote:
> why would we want to specifically drop sha512 generation, rather than
> letting it be present but unused?
>
Currently archive generates md5, sha1, sha256. Whilst cdimage generates
md5, sha1, sha256, sha512. Apt downloads/validates all hashes, even if it
considers them insecure. I have separately asked LP to stop generating
md5/sha1.
Imho, we should be consistent.
Are you saying we should switch to sha512 by default?
Especially since it is faster on 64bit platforms than sha256.
Hi,
On Sat, 20 Jun 2020, 20:34 Steve Langasek, <email address hidden>
wrote:
> why would we want to specifically drop sha512 generation, rather than
> letting it be present but unused?
>
Currently archive generates md5, sha1, sha256. Whilst cdimage generates
md5, sha1, sha256, sha512. Apt downloads/validates all hashes, even if it
considers them insecure. I have separately asked LP to stop generating
md5/sha1.
Imho, we should be consistent.
Are you saying we should switch to sha512 by default?
Especially since it is faster on 64bit platforms than sha256.
Regards,
Dimitri.