Re: Debian derivatives census: missing SHA-1 hashes

To: debian-derivatives <debian-derivatives@lists.debian.org>
Subject: Re: Debian derivatives census: missing SHA-1 hashes
From: Paul Wise <pabs@debian.org>
Date: Tue, 20 Sep 2011 22:28:35 +0800
Message-id: <[🔎] CAKTje6GS-U7rFgyv=3A+gJm+PnfvacZxuNN19qWCtvDsF2qQ-w@mail.gmail.com>
In-reply-to: <1313358489.24434.218.camel@chianamo>
References: <1313358489.24434.218.camel@chianamo>

On Mon, Aug 15, 2011 at 5:48 AM, Paul Wise wrote:

> Please ensure that:
>
>     1. Your APT repositories have SHA-1 hashes for every source and
>        binary package so we can compare with old Debian packages.
>     2. If you are using SHA-1 hashes in your APT repositories, please
>        ensure that there is such a hash for every single file,
>        especially for all the source package files.
>     3. SHA-256 hashes are not and will not be used by the census, but
>        Debian strongly encourages the use of hashes stronger than
>        SHA-1.

Those of you who are interested in which derivatives are affected by
this issue, please take a look at the check-package-list files in the
subdirectories of this page:

http://dex.alioth.debian.org/census/

This is not automatically updated yet, the script is in git though so
you can run it on your own derivative easily.

At some point I want to switch it to outputting lintian-like tags.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

Reply to:

Prev by Date: Re: Debian derivatives census: missing SHA-1 hashes
Next by Date: Re: Debian derivatives census: missing SHA-1 hashes
Previous by thread: Re: Debian derivatives census: missing SHA-1 hashes
Next by thread: Re: Debian derivatives census: missing SHA-1 hashes
Index(es):
- Date
- Thread