Re: apt-get update hashsum mismatch prevent

To: Ansgar Burchardt <ansgar@debian.org>
Cc: debian-dak@lists.debian.org, deity@lists.debian.org
Subject: Re: apt-get update hashsum mismatch prevent
From: Michael Vogt <mvo@debian.org>
Date: Tue, 24 Jun 2014 16:12:29 +0200
Message-id: <[🔎] 20140624141229.GJ3942@bod>
In-reply-to: <[🔎] 8761jw22ge.fsf@deep-thought.43-1.org>
References: <20140526124033.GI3892@bod> <[🔎] 8761jw22ge.fsf@deep-thought.43-1.org>

On Thu, Jun 19, 2014 at 08:12:33PM +0200, Ansgar Burchardt wrote:
> Hi,
Hi Ansgar,

thanks for your feedback!
 
> Michael Vogt <mvo@debian.org> writes:
> > - we add a flag to InRelease like "Content-Addressable-Indexes: yes"
> >   "Get-By-Hash: sha256,sha1" (suggestions for a good name welcome) [2]
> 
> > [2] Either going with a simple boolean flag in which case the hashes
> >     need to be provided for all hashes in the Release file (e.g.
> >     via symlinks) or by using specific hashes mentioned in the 
> >     Release file. I lean towards just using a boolean as its
> >     the simplest solution.
> 
> I think the field should say which hash to use. There is no need for the
> archive to have to provide the files under all possible hash names (or
> apt/debmirror/* to probe which files actually exist).

Ok, David is also in favor of using a explicit hashtype in the field,
so I will put it on the list of things to implement. There is a
implementation of this in experimental but that is just using the
boolean flag which means it will use the strongest hash. I will try to
find time to fix this soon.

Cheers,
 Michael

Reply to:

References:
- Re: apt-get update hashsum mismatch prevent
  - From: Ansgar Burchardt <ansgar@debian.org>

Prev by Date: Re: apt-get update hashsum mismatch prevent
Next by Date: [dak/master] Add change-component command.
Previous by thread: Re: apt-get update hashsum mismatch prevent
Next by thread: [dak/master] dak queue-report: --822 outputs to stdout if no other location is given
Index(es):
- Date
- Thread