>>>>> On Tue, 05 Apr 2022, Jason A Donenfeld wrote: > - GPG signatures are already over the SHA512 of the plain text, so > they security of the system already reduces to that. By choosing > SHA512, we don't add more risk, whilst choosing something else means > we're in trouble if either one has a problem.
The OpenPGP signature is for the top-level Manifest only. In case there was any trouble, it would be trivial to change the hash algorithm used for this. In constrast to that, updating the hashes in all Manifest files is a huge pain in the neck. Basically, you must download all distfiles, which is not trivial. For example, think of fetch-restricted files. (I've helped twice with updating Manifest files, so I believe I know what I'm talking about. :) I think that be benefit of dropping one of the hashes would be close to zero, especially if we would drop the faster one. Ulrich
signature.asc
Description: PGP signature
