Debian derivatives census: timeline for dropping SHA-1 support from apt
- To: Stefano Costa <steko@iosa.it>, Skylar Thompson <skylar@bccd.net>, Prema S <premas@cdac.in>, Luis Alejandro Martínez Faneyth <luis@huntingbears.com.ve>, Geoffrey Thomas <geofft@mit.edu>, Klaus Knopper <debian-knoppix@knopper.net>, Clement Lefebvre <debian@linuxmint.com>, Jeremiah Foster <jeremiah@jeremiahfoster.com>, Issamo Kisaka <issamo.kisaka@gmail.com>, Raquel de Souza Silva <raquelss08@gmail.com>, Michael Hall <mhall119@ubuntu.com>, Alex Oruzheinikov <a.oruzheynikov@rusbitech.ru>, Agus Purnomo <goesspoerr@gmail.com>, Sam Geeraerts <samgee@elmundolibre.be>, Fernando Toledo <ragnarok@docksud.com.ar>, Sofía Martin <smartin@linti.unlp.edu.ar>, Brice Delmotte <brice@substantiel.fr>, Peter Michael Green <plugwash@raspbian.org>, Adrian Gibanel <adrian15sgd@gmail.com>, Eugenio g7 Paolantonio <me@medesimo.eu>, Arjen Balfoort <arjenbalfoort@solydxk.com>, Paweł Pijanowski <pavroo@onet.eu>, John Vert <johnv@valvesoftware.com>, Markus Niewerth <mniewerth@ultimediaos.com>, Daniil Baturin <daniil@baturin.org>, Jesus Palencia <sinfallas@yahoo.com>, Leszek Lesner <leszek@zevenos.com>
- Cc: debian-derivatives <debian-derivatives@lists.debian.org>
- Subject: Debian derivatives census: timeline for dropping SHA-1 support from apt
- From: Paul Wise <pabs@debian.org>
- Date: Tue, 15 Mar 2016 19:42:09 +0800
- Message-id: <[🔎] 1458042129.2669.99.camel@debian.org>
Hi all,
The Debian apt maintainers plan to drop SHA-1 support from apt:
https://juliank.wordpress.com/2016/03/14/dropping-sha-1-support-in-apt/
If you are in the To header on this mail then it means your derivative
relies on the security of MD5/SHA1 in some capacity. To find out where,
you can look at the check-package-list file for your distribution and
look at the Hash: fields at the top of your InRelease or Release.gpg
files. Please update your derivatives to add SHA-2 hashes in your apt
metadata and in your OpenPGP signatures of that apt metadata.
http://deriv.debian.net/Ubuntu/check-package-list
--
bye,
pabs
https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part
Reply to: