On Fri, May 01, 2009 at 01:23:47PM -0700, Dan Price wrote: > Throwing Python 2.6 in the way of other goals seems like something > to be avoided if possible.
It'd be good for IPS to rely only on SHA-256 or better by 2009.06. If that can be done with a dependency on Python 2.6, fine, else not so fine... Note that use of hash functions for public key signatures and for file content hashing is precisely the kind where collision resistance matters. For signatures there's work on hash randomization standards that should help, but randomized hashing is fairly new, and SHA-256 is not. Nico -- _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
