On 9055 day of my life James Blackwell wrote: >> Why not put both detached signatures into the checksum file? > > What's the point of this anyways?
Flexebility.
> Unless you're unlike most uses, you're using the default hashing,
> which is [drumroll please.....] SHA-1.
But those who care, can choose. Current Arch has no choice at all.
> Throwing asside repudation, it still takes is 8 bytes to collide an
> md5sum, and about 8 and a half bytes to collide a sha1sum...
It take 8 hours to collide an md5sum. Colliding sha1sum takes more
time yet.
--
Ivan Boldyrev
"Assembly of Japanese bicycle require great peace of mind."
pgpzsMEsu2S4b.pgp
Description: PGP signature
_______________________________________________ Gnu-arch-users mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnu-arch-users GNU arch home page: http://savannah.gnu.org/projects/gnu-arch/
