Ivan Boldyrev <[EMAIL PROTECTED]> writes: [...]
> Attackers creates some sexy patch for TLA (for example, support of > multiple hashes from libgcrypt). Then I create another patch that > stoles gpg passwords that people type when using signed archives. > > Two patches with same MD5 signature. Quotation from paper of Czech > scientist: Maybe you could do that, but remember these are collisions of things which have to be carefully constructed. Anyway, hashes in Arch are about detecting unexpected modifications due to random breakage. If you really care about patches you'd sign them, wouldn't you? [...] _______________________________________________ Gnu-arch-users mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnu-arch-users GNU arch home page: http://savannah.gnu.org/projects/gnu-arch/
