Re: Dropping older, less-secure checksums files

To: debian-cloud@lists.debian.org
Subject: Re: Dropping older, less-secure checksums files
From: Emmanuel Kasper <emmanuel@libera.cc>
Date: Tue, 16 Jul 2019 17:03:08 +0200
Message-id: <[🔎] bf13a52d-9bf3-2d9c-4818-63933341fffc@libera.cc>
In-reply-to: <[🔎] 20190716145813.GP4056@tack.einval.com>
References: <[🔎] 20190716145813.GP4056@tack.einval.com>

Am 16.07.2019 um 16:58 schrieb Steve McIntyre:

Hey folks,

We currently make 4 different checksums files for installer, live and
openstack images published from cdimage.d.o (aka get.d.o, cloud.d.o):
MD5SUMS, SHA1SUMS, SHA256SUMS and SHA512SUMS.

Prompted by a discussion on irc a couple of days back, I'm looking
into dropping generation of the older, less secure MD5 and SHA1
checksums. I'm planning on leaving these alone for existing releases,
including for future stretch and buster point release builds. But for
regular daily/weekly builds of testing/bullseye images, I'm going to
drop the MD5SUMS and SHA1SUMS files.

Shout now if you have a problem with that...

I am personally using your SHA256SUMS fron iso images to buid theVagrant Boxes, so I care for those, IMHO dropping the less securechecksums for future images is find.


Emmanuel

Reply to:

References:
- Dropping older, less-secure checksums files
  - From: Steve McIntyre <steve@einval.com>

Prev by Date: Dropping older, less-secure checksums files
Next by Date: Bug#931572: Vagrant box missing stable buster release
Previous by thread: Dropping older, less-secure checksums files
Next by thread: Re: Dropping older, less-secure checksums files
Index(es):
- Date
- Thread