Re: Archive changes
Am 2016-03-16 01:20, schrieb Steve McIntyre:
I've just activated a few changes to the archive we talk(ed) about for
long time. And while it is not exactly the start of this release
it should still work out nicely (so one hopes).
As of now, InRelease/Release files, Packages and Sources no longer
provide MD5Sum and SHA1sums, only SHA256.
That (Packages and Sources) will break jigdo generation for debian-cd
(and hence all CD/DVD/BD builds). We can't fix this easily in a short
timescale - current released jigdo clients (both in Debian and
externally) use md5 internally to reference files in the archive. Not
as a *security* feature; this is the core design of jigdo.
If it really turns out that this is unchangeable for now - the code is
flexible enough to allow to freely select checksum types by suite, so
md5 could be turned on for a suite too. Without getting sha1 back.
(Its written so that it can simply support any checksum apt_pkg
Im not sure we *want* to support that, at least for sure not for more
than stretch, but we could.
Additionally I turned off generating gzip compressed versions of those
files, xz is there.
And that will break various other parts of debian-cd.
Question is how hard a change of a compression tool is there.
To test it, this is limited to experimental. We hope nothing breaks on
but lets try for a few days. If that works out, we should adjust
unstable, and another short time later coordinate with the release
to adjust testing, so it ends up in the next release.
Please, no. We need more time than that to fix things up.
Its not like its an entirely new idea to do this.
Also, from reading the current replies, noone has a problem with
removing sha1, so that one seems a set thing. md5 and gz files removals
make people more happy.