On Wed, 2005-03-16 at 20:03 +0100, Karel Gardas wrote: > I was in impression that patch signing was created mainly for making > trusted archive mirrors on untrusted hosts possible.
I've yet to hear a plausible attack against MD5 for use in corrupting a trustworthy archive by tricking someone into using your mirror. For example, how do you propose jblack could take advantage of generating colliding texts to hack the tla mainline mirrored on sourcecontrol.net? -- Matthew Dempsky <[EMAIL PROTECTED]>
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Gnu-arch-users mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnu-arch-users GNU arch home page: http://savannah.gnu.org/projects/gnu-arch/
