On 2017-10-20 11:32, Luca De Feo wrote:
So according to your point checking the SHA1 is useless, because attackers are not able to get malicious source tarballs accepted by SageMath.
That is totally not what I said. We don't care about collision resistance, but we still need preimage resistance. That is still fine for SHA1 (even MD5 as far as I know).
-- You received this message because you are subscribed to the Google Groups "sage-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to sage-devel+unsubscr...@googlegroups.com. To post to this group, send email to sage-devel@googlegroups.com. Visit this group at https://groups.google.com/group/sage-devel. For more options, visit https://groups.google.com/d/optout.
