
Bug#387202: marked as done (Please add sha1 sums for ISO images)



Your message dated Mon, 30 Apr 2007 18:16:30 +0200
with message-id <20070430161630.GA15323@dedibox>
and subject line Bug#387202: cdimage.debian.org: Missing md5sum for Sarge 3.1_r3 NetInstall CD
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: cdimage.debian.org
Severity: normal

	The MD5SUM for the NetInstall CD and business card CD are missing,
at least for the x86 architecture (the other arch I checked had it,
including the 3.1_r2 x86 version).

http://cdimage.debian.org/debian-cd/3.1_r3/i386/iso-cd/

	It would be good to have them so that we can at least check that
we downloaded the ISO properly.  I am surprised it was not reported before.
I sometimes like to validate that the ISOs on my mirror are good ones.

	I would suggest that you also provide a signed SHA-1 hash instead
of just an MD5 hash.  Finding a collision with MD5 is now very fast
(less than a minute), so signing an MD5 hash just gives a false sense of
security in my opinion.

Simon Valiquette
http://www.gulus.org
http://gulus.USherbrooke.ca


--- End Message ---
--- Begin Message ---
On Sat, Sep 16, 2006 at 04:04:05PM +0100, Steve McIntyre wrote:
> severity 387202 wishlist
> retitle 387202 Please add sha1 sums for ISO images
> thanks
> [...]
> >	I would suggest that you also provide a signed SHA-1 hash instead
> >of just an MD5 hash.  Finding a collision with MD5 is now very fast
> >(less than a minute), so signing an MD5 hash just gives a false sense of
> >security in my opinion.
> 
> Good point; I've retitled your bug and added it to the wishlist for cd
> images to remind me to look into it. Things are made *slightly* more
> complicated by the build system, but I'll get onto it soon.

SHA-1 hashes are now provided for Etch ISOs:
http://cdimage.debian.org/debian-cd/4.0_r0/i386/iso-cd/SHA1SUMS

Closing the bug.

-- 
Simon Paillard

--- End Message ---
