Control: severity -1 minor On Thu, May 19, 2022 at 12:31:28PM +0800, Zhang Boyang wrote: >Package: debian-cd > >Hello, > >I downloaded debian iso and its SHA512SUMS file. However, when I use gpg to >verify authenticity of SHA512SUMS, I found the signature file use SHA256 as >its digest algorithm. Although SHA256 is pretty safe, it's seem strange that >sign a SHA512SUMS with SHA256. I think it's better to sign SHA512SUMS with >SHA512.
Maybe. It's not really a priority to change anything here right now, I'll be honest... -- Steve McIntyre, Cambridge, UK. st...@einval.com There's no sensation to compare with this Suspended animation, A state of bliss