Time to stop using md5sums
Johannes Winkelmann wrote:
> On Wed, Jan 07, 2009 at 15:23:39 +1100, Danny Rawlins wrote:
>> Hi as predatorfreak tried to pus sha256 and CRUX devs shrugged it off
>> and didn't do anything [...]
> Maybe you want to go read through
> again before claiming that "CRUX devs shrugged it off". The last message
> is predatorfreak saying that he'll "'ll produce a hard-break patch and
> submit it here later, as a hard break seems to be the preferred solution
> by most people."
Uh what is a "hard break patch"? A hard coded patch in place of md5sum
than a add on to use sha256 with md5 at the same time?
Or is it to do with breaking the patch up into smaller patches? Or
something else I did search and did not find the answer to that.
If i knew I may fix the patch or whatever it is your waiting on being
done, and it would of been nice if this got done for CRUX-2.5.
>> well how much more proof do you need that md5 is
>> MD5 Is Officially Insecure: Hackers Break SSL Certificates, Impersonate CA
> Have you even read that document?
> This document is specific to MD5 in a Public Key Infrastructure
> scenario. How does that apply to .md5sum in ports? Please explain.
Yes but it shows md5 is insecure, the comment on the bug report shows
the real attack of a "malicious open-source developer" on the bug
CRUX mailing list