Kamal Mostafa <ka...@whence.com> writes: > Package: wnpp > Severity: wishlist > Owner: Kamal Mostafa <ka...@whence.com> > > > * Package name : duff > Version : 0.5 > Upstream Author : Camilla Berglund <elmindr...@elmindreda.org> > * URL : http://duff.sourceforge.net/ > * License : Zlib > Programming Lang: C > Description : Duplicate file finder > > Duff is a command-line utility for identifying duplicates in a given set of > files. It attempts to be usably fast and uses the SHA family of message > digests as a part of the comparisons.
If there aren't warnings about use of SHA1 in the tool, there should be. While I don't recall any published SHA1 collisions, SHA1 is considered broken and shouldn't be used if you want to trust your comparisons. I'm assuming the tool supports SHA256 and other SHA2 hashes as well? It might be useful to make sure the defaults are non-SHA1. /Simon -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87wr8qk8r5....@latte.josefsson.org
