Re: Debian derivatives census: missing SHA-1 hashes

To: Paul Wise <pabs@debian.org>
Cc: debian-derivatives <debian-derivatives@lists.debian.org>
Subject: Re: Debian derivatives census: missing SHA-1 hashes
From: Geoffrey Thomas <geofft@MIT.EDU>
Date: Sun, 14 Aug 2011 23:42:12 -0400 (EDT)
Message-id: <alpine.DEB.2.00.1108142340080.27469@tyger.mit.edu>
In-reply-to: <1313358489.24434.218.camel@chianamo>
References: <1313358489.24434.218.camel@chianamo>

By any chance do you have specific debugging logs of what you noticedwrong? (Presumably you checked this with a program that raised anexception?)

I got this e-mail twice, so I assume once was that there's somethingactually broken in our repositories and once was that I'm on this list,but we use reprepro in a pretty standard configuration and use SHA-1hashes everywhere I can see, so I'm not sure what's wrong. Somethingmorally equivalent to build logs would be helpful both for me and others.


Thanks,
--
Geoffrey Thomas
geofft@mit.edu

On Sun, 14 Aug 2011, Paul Wise wrote:

Hi all,

If you are receiving this mail that means you are participating in the
Debian derivatives census[1] and that your entry has an issue.

Please ensure that:

    1. Your APT repositories have SHA-1 hashes for every source and
       binary package so we can compare with old Debian packages.
    2. If you are using SHA-1 hashes in your APT repositories, please
       ensure that there is such a hash for every single file,
       especially for all the source package files.
    3. SHA-256 hashes are not and will not be used by the census, but
       Debian strongly encourages the use of hashes stronger than
       SHA-1.

The reason for these is that we are pursuing integration of information
about packages from derivatives into Debian infrastructure and that
integration will be using SHA-1 hashes to determine if packages were
ever in Debian. Please note that if you are inheriting Packages or
Sources files from Debian then missing SHA-1/SHA-256 hashes could be the
fault of the Debian archive (http://bugs.debian.org/637563).

In addition please make sure there is a contact point listed in the
maintainer field of your census page.

While you are editing your page, please fill in as much of the fields as
you have data for.

Please direct any questions you have to the derivatives list[3] or IRC
channel[4]. We strongly encourage you to join both of these.

    1. http://wiki.debian.org/Derivatives/Census
    2. http://wiki.debian.org/Derivatives/CensusTemplate
    3. http://lists.debian.org/debian-derivatives
    4. irc://irc.oftc.net/debian-derivatives

--
bye,
pabs

http://wiki.debian.org/PaulWise

Reply to:

Follow-Ups:
- Re: Debian derivatives census: missing SHA-1 hashes
  - From: Paul Wise <pabs@debian.org>

References:
- Debian derivatives census: missing SHA-1 hashes
  - From: Paul Wise <pabs@debian.org>

Prev by Date: Re: Debian derivatives census: missing SHA-1 hashes
Next by Date: Re: Debian derivatives census: missing SHA-1 hashes
Previous by thread: Re: Debian derivatives census: missing SHA-1 hashes
Next by thread: Re: Debian derivatives census: missing SHA-1 hashes
Index(es):
- Date
- Thread