Re: Time to replace MD5?
On Wed, Jun 13, 2007 at 12:40:41AM +0200, Bernd Eckenfels wrote:
> In article <20070612211349.GA6350@kitenet.net> you wrote:
> > I don't understand why DSAs for etch include md5sums and manual upgrade
> > instructions at all. Apt can verify the checksum and gpg signature and
> > handle the upgrade after all, and probably more securely than the
> > average user following the manual instructions.
> Because open source is all about choice. There might be admins using dpkg -i
> or security officers who build their local mirrors manually.
There may also be admins who prefer to use ar and run the maintainer
scripts by hand, and of course they are free to do so.
But, imo, Debian should document a single recommended procedure - and
direct execution of dpkg isn't something I'd recommend.