Re: SHA1 and 256 (again) :)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2009-11-19 at 06:09 +0530, Rahul Sundaram wrote:
> On 11/19/2009 06:04 AM, Ladislav Bodnar wrote:
> > On Thursday 19 November 2009, Rahul Sundaram wrote:
> >> Note that changing HASH: SHA1 to anything else in the top of the file
> >> will make the gpg check fail since it writes it out that way. So it's
> >> sort of a tricky issue to solve. Not sloppiness.
> > 
> > Maybe it would be simpler to call the file SHA256SUM (or SHA256) instead of 
> > CHECKSUM? As far as I remember, these files used to be called MD5SUM, then 
> > SHA1SUM, which made it very clear what was inside. But with so many 
> > different checksum standards, calling the file CHECKSUM is bound to lead to 
> > confusion.
> 
> I think the generic name was picked up because nobody believes that
> SHA256 hashes are going to be cryptographically secure for a long time
> and we are bound to switch to stronger checksums over a period of time
> but I think, a clear filename does make it more easier to avoid this
> mass confusion. Jesse Keating?
> 
> Rahul
> 

Changing the filename each time was getting to be a hassle, so we named
the file generically.  This happened not only in pungi, but in many of
the other tools we had to update when moving from md5 or sha1 to sha256.
Since we know we'll have to do it again we've made that task easier next
time.

The solution here is to put a blurb in the file itself about how to
verify it.  That is something I'm going to do, but by the time it was
suggested and I conceded that it was needed, we were past the feature
freeze and I was not going to introduce a feature in our compose tool at
that point.

-- 
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating

Attachment: signature.asc
Description: This is a digitally signed message part

-- 
fedora-test-list mailing list
fedora-test-list@xxxxxxxxxx
To unsubscribe: 
https://www.redhat.com/mailman/listinfo/fedora-test-list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux