On Wed, Apr 06, 2022 at 05:23:25PM +0000, Robin H. Johnson wrote: > On Wed, Apr 06, 2022 at 02:15:02AM +0200, Jason A. Donenfeld wrote: > > 2) Comparability: other distros use SHA2-512, as well as various > > upstreams, which means we can compare our hashes to theirs easily. > Can we expand on this specific thread for a moment? > > I was the author of GLEP59 about changing the Manifest hashes, and I > noted at the time, with references, that the effective strength of a set > of hashes is only that of the strongest hash. Bump for my parent message, that I'm very surprised at the lack of responses to two messages in this thread.
https://archives.gentoo.org/gentoo-dev/message/18216da0128ee79733fa68bb77fa8b69 https://archives.gentoo.org/gentoo-dev/message/a9974ec34dfb25810dab47e3fa322a52 -- Robin Hugh Johnson Gentoo Linux: Dev, Infra Lead, Foundation Treasurer E-Mail : robb...@gentoo.org GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136