Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

To: <debian-devel@lists.debian.org>
Subject: Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Fri, 12 Oct 2012 13:03:52 +0100
Message-id: <[🔎] c881b1115792d5f04cc31b53c1bef293@mail.adsl.funky-badger.org>
In-reply-to: <[🔎] 1350042559.7883.0.camel@heisenberg.scientia.net>
References: <[🔎] 1349911198.3341.117.camel@fermat.scientia.net> <[🔎] 20121011181855.GA8645@roeckx.be> <[🔎] 1350001815.3370.65.camel@fermat.scientia.net> <[🔎] CAKTje6F-37FUhWCGFNXMU-mD-quTORa6MWJewXhRzFUeHG7i9g@mail.gmail.com> <[🔎] 1350042559.7883.0.camel@heisenberg.scientia.net>

On 12.10.2012 12:49, Christoph Anton Mitterer wrote:

On Fri, 2012-10-12 at 10:09 +0800, Paul Wise wrote:

> I further looked around:
> e.g. the Release file seems to only use MD5.... not so good :(
Wrong, the Release file has had all 3 since sarge. woody had MD5 &SHA-1.


Then what's this:
ftp://ftp.de.debian.org/debian/dists/sid/Release

It's a file containing MD5, SHA1 and SHA256 sums, as has already beenexplained to you.


/===================================================================
| $ wget -q ftp://ftp.de.debian.org/debian/dists/sid/Release
|
| $ sha256sum Release

| ca8a6b8809246a885e74600d2a61a0b73ead28dd0f324a682d8d3d359d82aa35Release

|
| $ grep -v "^ " Release
| Origin: Debian
| Label: Debian
| Suite: unstable
| Codename: sid
| Date: Fri, 12 Oct 2012 08:17:30 UTC
| Valid-Until: Fri, 19 Oct 2012 08:17:30 UTC

| Architectures: amd64 armel armhf hurd-i386 i386 ia64 kfreebsd-amd64kfreebsd-i386 mips mipsel powerpc s390 s390x sparc

| Components: main contrib non-free
| Description: Debian x.y Unstable - Not Released
| MD5Sum:
| SHA1:
| SHA256:
\===================================================================

I'm struggling to see what point you believe you're making here.

Regards,

Adam

Reply to:

Follow-Ups:
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Dmitrijs Ledkovs <xnox@debian.org>

References:
- Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Paul Wise <pabs@debian.org>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

Prev by Date: Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
Next by Date: Re: Poll (was: Popularity of bzr-builddeb and dh-make)
Previous by thread: Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
Next by thread: Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
Index(es):
- Date
- Thread