See Ganneff's last remark about D-I images. We should maybe provide more hashes of D-I images, from what I understand. How about computing a SHA512 additionnally of MD5SUM? From what I understand, this should be a few lines change in installer/build/Makefile ----- Forwarded message from Joerg Jaspert <joerg@ganneff.de> ----- Date: Sun, 20 Feb 2011 19:03:11 +0100 From: Joerg Jaspert <joerg@ganneff.de> To: debian-devel-announce@lists.debian.org Subject: Release file changes Organization: Goliath-BBS X-Mailing-List: <debian-devel-announce@lists.debian.org> archive/latest/1343 X-CRM114-Status: Good ( pR: 38.0079 ) Hi, until today our Release files included 3 Hashes for all their entries: MD5SUM, SHA1, SHA256. I just modified the code to no longer include MD5SUM in *all* newly generated Release files. I additionally opened a bug with apt to add support for SHA512SUM, so we can start using them. As soon as that is possible I intend to drop SHA256 and end up with SHA1/SHA512 only. And as a sidenote, taking the opportunity: We now also include the MD5SUMS of the debian-installer images, so those images can also be checked against a signature. (Yes, MD5, they dont provide more to us at the moment). -- bye, Joerg <towo> "Das Internet, jetzt auf 47 DVDs - oder auf 2 CDs in der jugenfreien Fassung"? ----- End forwarded message ----- --
Attachment:
signature.asc
Description: Digital signature