Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
On 12.10.2012 12:49, Christoph Anton Mitterer wrote:
On Fri, 2012-10-12 at 10:09 +0800, Paul Wise wrote:
> I further looked around:
> e.g. the Release file seems to only use MD5.... not so good :(
Wrong, the Release file has had all 3 since sarge. woody had MD5 &
SHA-1.
Then what's this:
ftp://ftp.de.debian.org/debian/dists/sid/Release
It's a file containing MD5, SHA1 and SHA256 sums, as has already been
explained to you.
/===================================================================
| $ wget -q ftp://ftp.de.debian.org/debian/dists/sid/Release
|
| $ sha256sum Release
| ca8a6b8809246a885e74600d2a61a0b73ead28dd0f324a682d8d3d359d82aa35
Release
|
| $ grep -v "^ " Release
| Origin: Debian
| Label: Debian
| Suite: unstable
| Codename: sid
| Date: Fri, 12 Oct 2012 08:17:30 UTC
| Valid-Until: Fri, 19 Oct 2012 08:17:30 UTC
| Architectures: amd64 armel armhf hurd-i386 i386 ia64 kfreebsd-amd64
kfreebsd-i386 mips mipsel powerpc s390 s390x sparc
| Components: main contrib non-free
| Description: Debian x.y Unstable - Not Released
| MD5Sum:
| SHA1:
| SHA256:
\===================================================================
I'm struggling to see what point you believe you're making here.
Regards,
Adam
Reply to: