Hi, Steven Chamberlain <email@example.com> (2017-02-27): > Cyril Brulebois wrote: > > AFAICT net-retriever does the fetching and checking work? > > Mayyybe... > > Although with > http://ftp.de.debian.org/debian/dists/testing/main/installer-i386/20170127/images/netboot/mini.iso > I observed md5sum and sha256sum only being executed as indicated in the > attached log. So we're only checking newer checksums for Packages files (against what's in Release files, bad bad bad us indeed. IIRC MD5sum field was kept (as in: added back) because debian-cd needs it at the moment, which partly explains why this wasn't fixed earlier. I'm not sure whether this exists already (be it for the whole distribution or for d-i specifically), but referencing places where stuff like parsing happens (Release, Packages, etc.), and where checkums are used, would help figure out what to change when the list of supported fields/checksums are updated. Might be another way to leverage this whole debacle thing. KiBi.
Description: Digital signature