Re: Debian derivatives census: timeline for dropping SHA-1 support from apt
> Hi all,
> The Debian apt maintainers plan to drop SHA-1 support from apt:
> If you are in the To header on this mail then it means your derivative
> relies on the security of MD5/SHA1 in some capacity. To find out where,
> you can look at the check-package-list file for your distribution and
> look at the Hash: fields at the top of your InRelease or Release.gpg
> files. Please update your derivatives to add SHA-2 hashes in your apt
> metadata and in your OpenPGP signatures of that apt metadata.
is using MD5, SHA-1 and SHA-256.
Why is it a problem to keep MD5 and SHA-1 as long as SHA-256 is provided?
The repository is created using reprepro. Does reprepro even support
dropping MD5 and SHA-1?