On Mon, Oct 12, 2009 at 12:11:46PM -0500, David Farning wrote:
MD5 is a very bad choice for authentication; it should be considered broken. SHA-1 is starting to "fail" as well (but currently fine); AFAIK SHA-256 should be safe choice mid-term. If you only want to guard against technical failures (corrupted download), MD5 is still fine of course.3. Security. We are going to have to consider that mirrors can be hijacked. ISOs will have to be shipped with md5 hashes.
CU Sascha -- http://sascha.silbe.org/ http://www.infra-silbe.de/
signature.asc
Description: Digital signature
_______________________________________________ SoaS mailing list [email protected] http://lists.sugarlabs.org/listinfo/soas
