Re: [dev] Checksums and Sig files for release gzip

From: Daniel Cegiełka <>
Date: Tue, 13 Apr 2021 16:45:07 +0200

How/where SHA512 is better than SHA256 or SHA1? I don't see any added
value in this. If someone breaks into your server and replace files,
may also regenerate check sums (SHA256/512 or SHA3, scrypt etc.). The
use of MD5 will be equally (un)safe as SHA512 :)

A better solution is e.g. signify from OpenBSD or GnuPG.


wt., 13 kwi 2021 o 13:36 Sagar Acharya <> napisał(a):
> Can we have SHA512 checksums and sig files for the release gzips of suckless software?
> Thanking you
> Sagar Acharya
Received on Tue Apr 13 2021 - 16:45:07 CEST

This archive was generated by hypermail 2.3.0 : Tue Apr 13 2021 - 16:48:09 CEST