9 May
2018
9 May
'18
11:25 p.m.
On Wed, May 09, 2018 at 09:30:51PM +0200, Neven Sajko wrote:
I would just like to note that SHA-2 hashes are inferior to Keccak and to BLAKE2. So better not to spend effort migrating to SHA-2.
Strength of various SHA hashes is a different topic. My only point was that relying on md5 these days is like having no hashes at all or using the source filename as a hash... And there should be no migration -- when a new version of a package is released or a rebuild happens, just update the *sums array. Cheers, -- Leonid Isaev