Kenneth Porter wrote:
--On Saturday, June 11, 2005 7:57 PM -0400 Tony Nelson <tonynelson@xxxxxxxxxxxxxxxxx> wrote:
http://lists.gnupg.org/pipermail/gnupg-ru/2004-December/000158.html
Given the extent of the discovered weakness and the likelyhood that people
won't be installing this release more than a few years down the road, this
seems to me to be an overreaction. Ah, well. Hopefully it is known that
SHA1 is truely more secure than MD5, rather than just that there have been
no alarming reports yet.
Since Fedora is supposed to be bleeding edge and the place to try new technologies, this lets this mechanism get tested by those willing to take the risk, before it gets deployed to the more conservative products.
If we are talking about risks, note that sha1sum is potentially *less* riskier than md5sum. Fedora is anything but conservative though
regards
Rahul