From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Marius Vollmer Newsgroups: gmane.lisp.guile.devel Subject: Re: Guile 1.7.91 has been released. Date: Mon, 13 Feb 2006 21:50:28 +0200 Message-ID: <87pslryr5n.fsf@zagadka.de> References: <87y80gyxrq.fsf@zagadka.de> <87zmkvmw7s.fsf@laas.fr> NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable X-Trace: sea.gmane.org 1139860278 16469 80.91.229.2 (13 Feb 2006 19:51:18 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Mon, 13 Feb 2006 19:51:18 +0000 (UTC) Original-X-From: guile-devel-bounces+guile-devel=m.gmane.org@gnu.org Mon Feb 13 20:51:16 2006 Return-path: Envelope-to: guile-devel@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by ciao.gmane.org with esmtp (Exim 4.43) id 1F8jih-0007bz-IV for guile-devel@m.gmane.org; Mon, 13 Feb 2006 20:50:48 +0100 Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1F8jih-0002g6-3C for guile-devel@m.gmane.org; Mon, 13 Feb 2006 14:50:47 -0500 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1F8jic-0002ei-IK for guile-devel@gnu.org; Mon, 13 Feb 2006 14:50:42 -0500 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1F8jib-0002e4-04 for guile-devel@gnu.org; Mon, 13 Feb 2006 14:50:41 -0500 Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1F8jia-0002e1-QC for guile-devel@gnu.org; Mon, 13 Feb 2006 14:50:40 -0500 Original-Received: from [213.243.153.36] (helo=smtp3.pp.htv.fi) by monty-python.gnu.org with esmtp (Exim 4.52) id 1F8jn6-0002Z3-Ip for guile-devel@gnu.org; Mon, 13 Feb 2006 14:55:20 -0500 Original-Received: from zagadka.ping.de (cs181072157.pp.htv.fi [82.181.72.157]) by smtp3.pp.htv.fi (Postfix) with SMTP id 3258127AC32 for ; Mon, 13 Feb 2006 21:50:39 +0200 (EET) Original-Received: (qmail 19015 invoked by uid 1000); 13 Feb 2006 21:50:29 +0200 Original-To: guile-devel@gnu.org In-Reply-To: <87zmkvmw7s.fsf@laas.fr> (Ludovic =?iso-8859-1?Q?Court=E8s's?= message of "Mon, 13 Feb 2006 10:41:59 +0100") User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux) X-BeenThere: guile-devel@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Developers list for Guile, the GNU extensibility library" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: guile-devel-bounces+guile-devel=m.gmane.org@gnu.org Errors-To: guile-devel-bounces+guile-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.lisp.guile.devel:5691 Archived-At: ludovic.courtes@laas.fr (Ludovic Court=E8s) writes: > BTW, I'd strongly recommend using SHA1 sums (e.g., via `sha1sum', part > of GNU Coreutils) rather than MD5. Yeah, that's probably best. > See the example at http://www.cits.rub.de/MD5Collisions/ if in > doubt. ;-) Well, they get to choose both texts that have a MD5 collision. Looking at the PostScript source reveals that the texts have been rigged, which should be enough if this goes to court. In our case, an attacker would need to find a second meaningful text that collides with the text that we provide. I guess that is much harder to do. And the tarball is signed with a SHA1 hash anyway. Maybe I should include the signature in the announcement and not a checksum... --=20 GPG: D5D4E405 - 2F9B BCCC 8527 692A 04E3 331E FAF8 226A D5D4 E405 _______________________________________________ Guile-devel mailing list Guile-devel@gnu.org http://lists.gnu.org/mailman/listinfo/guile-devel