Dear all,

Please CC me if anybody feels like answering.

I was shared this [1] and while it's important, it is equally important to point out that the work isn't complete atm. From what little I know, almost all of Debian's work is now using git (there may be some subversion, some mercurial repos) but most of the work has now been using gitlab/salsa [2]. While some of the comments suggest that SHA-1 is fine for now, one doesn't really know. From what little I can make out, it seems a pretty disruptive change and may have gotchas also for the reproducible builds project. [3]

Wanna know what people think about it and if there have been plans to discuss the same. I did take a brief look at debian-project [4] to see if somebody had approached them for the same, as something like this might be a huge change, but saw no messages about it.

I am sure people have a view on the above, this being the security list if for nothing else.

1. https://lwn.net/SubscriberLink/811068/cfeb6a67b8dfbe47/
2. salsa.debian.org
3. https://wiki.debian.org/ReproducibleBuilds
4. https://lists.debian.org/debian-security

--
Regards,
Shirish Agarwal शिरीष अग्रवाल
My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
E493 D466 6D67 59F5 1FD0 930F 870E 9A5B 5869 609C

