Re: SHA-1 vs SHA256 + public key

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SHA-1 vs SHA256 + public key

From:	Ludovic Courtès
Subject:	Re: SHA-1 vs SHA256 + public key
Date:	Tue, 23 May 2017 22:53:28 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)

Mark H Weaver <address@hidden> skribis:

> I wrote:
>> The hashes included in the announcement are not able to provide secure
>> authentication, regardless of what hash function is used, because the
>> announcement itself might have been modified
>
> I forgot that the announcement itself was signed, which invalidates much
> of what I wrote earlier.  Sorry for the noise.
>
> I agree that we should include stronger hashes in the announcement.

Agreed, we should do that.

(Providing hashes in the message, which is archived, provides a way for
people to make sure we will not modify the uploaded file in place in the
future.)

Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

SHA-1 vs SHA256 + public key, Mark Rijckenberg, 2017/05/22
- Re: SHA-1 vs SHA256 + public key, Mark H Weaver, 2017/05/23
  - Re: SHA-1 vs SHA256 + public key, Mark H Weaver, 2017/05/23
    - Re: SHA-1 vs SHA256 + public key, Ludovic Courtès <=

Prev by Date: Re: Guix 0.13 manual does not include UEFI documentation
Next by Date: Re: 01/01: gnu: glib: Update to 2.53.1.
Previous by thread: Re: SHA-1 vs SHA256 + public key
Next by thread: Upcoming OpenSSL updates
Index(es):
- Date
- Thread