Johannes Winkelmann wrote:

Danny,

On Wed, Jan 07, 2009 at 15:23:39 +1100, Danny Rawlins wrote:

...

Hi as predatorfreak tried to pus sha256 and CRUX devs shrugged it off and didn't do anything [...]

Maybe you want to go read through http://crux.nu/bugs/index.php?do=details&task_id=223 again before claiming that "CRUX devs shrugged it off". The last message is predatorfreak saying that he'll "'ll produce a hard-break patch and submit it here later, as a hard break seems to be the preferred solution by most people."

Uh what is a "hard break patch"? A hard coded patch in place of md5sum than a add on to use sha256 with md5 at the same time? Or is it to do with breaking the patch up into smaller patches? Or something else I did search and did not find the answer to that. If i knew I may fix the patch or whatever it is your waiting on being done, and it would of been nice if this got done for CRUX-2.5.

...

well how much more proof do you need that md5 is insecure?

MD5 Is Officially Insecure: Hackers Break SSL Certificates, Impersonate CA http://www.dailytech.com/article.aspx?newsid=13842

Have you even read that document?

This document is specific to MD5 in a Public Key Infrastructure scenario. How does that apply to .md5sum in ports? Please explain.

Yes but it shows md5 is insecure, the comment on the bug report shows the real attack of a "malicious open-source developer" on the bug comments. http://crux.nu/bugs/index.php?do=details&task_id=223#comments

Johannes

Regards, Danny Rawlins