Shouldn't we be using sha256 or sha512? I am not a crypto expert but
AFIAK couldn't sha1 collisions could be easily generated with the type
of resources available to someone who would want to attack coreboot?
On 11/06/2016 07:15 PM, Iru Cai wrote:
buildgcc can verify the SHA1 sum of the tarballs, and the checksum is
cloned from the git repository via HTTPS or SSH, so I think we don't need
to worry.
On Mon, Nov 7, 2016 at 5:44 AM, taii...@gmx.com <taii...@gmx.com> wrote:
It is 2016 not 2001 and MITM's are a regular thing so this is a serious
issue.
--
coreboot mailing list: coreboot@coreboot.org
https://www.coreboot.org/mailman/listinfo/coreboot
--
coreboot mailing list: coreboot@coreboot.org
https://www.coreboot.org/mailman/listinfo/coreboot
