Re: Dropping older, less-secure checksums files

To: debian-cd@lists.debian.org, debian-live@lists.debian.org, debian-cloud@lists.debian.org
Subject: Re: Dropping older, less-secure checksums files
From: Steve McIntyre <steve@einval.com>
Date: Tue, 16 Jul 2019 22:22:01 +0100
Message-id: <[🔎] 20190716212201.GS4056@tack.einval.com>
In-reply-to: <[🔎] 20190716145813.GP4056@tack.einval.com>
References: <[🔎] 20190716145813.GP4056@tack.einval.com>

On Tue, Jul 16, 2019 at 03:58:13PM +0100, Steve McIntyre wrote:
>Hey folks,
>
>We currently make 4 different checksums files for installer, live and
>openstack images published from cdimage.d.o (aka get.d.o, cloud.d.o):
>MD5SUMS, SHA1SUMS, SHA256SUMS and SHA512SUMS.
>
>Prompted by a discussion on irc a couple of days back, I'm looking
>into dropping generation of the older, less secure MD5 and SHA1
>checksums. I'm planning on leaving these alone for existing releases,
>including for future stretch and buster point release builds. But for
>regular daily/weekly builds of testing/bullseye images, I'm going to
>drop the MD5SUMS and SHA1SUMS files.
>
>Shout now if you have a problem with that...

I've done the work needed in 3 repos and a test build is ongoing
now. Looks good so far...

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
"This dress doesn't reverse." -- Alden Spiess

Reply to:

References:
- Dropping older, less-secure checksums files
  - From: Steve McIntyre <steve@einval.com>

Prev by Date: Bug#931572: Vagrant box missing stable buster release
Next by Date: Processed: tagging 931572
Previous by thread: Re: Dropping older, less-secure checksums files
Next by thread: Processed: tagging 931572
Index(es):
- Date
- Thread