Re: Debian derivatives census: timeline for dropping SHA-1 support from apt

On Tue, Mar 15, 2016 at 9:21 PM, Patrick Schleizer wrote:

> https://whonix.org/download/whonixdevelopermetafiles/internal/dists/jessie/Release
> is using MD5, SHA-1 and SHA-256.
> Why is it a problem to keep MD5 and SHA-1 as long as SHA-256 is provided?
> The repository is created using reprepro. Does reprepro even support
> dropping MD5 and SHA-1?

AFAICT, Whonix doesn't have any problems with old hashes and thus I
didn't include you in the To header of the mail I sent.

That said, you might want to ask the Tor Project to add
Label/Description headers to their Release files:


You might also want to investigate the version mismatches between
source package versions declared by Packages and those declared by
Sources (and vice-versa):
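
Added example, not part of the original message and not the census's own tooling: a small Python check of a Release file for the two points raised above, namely which checksum fields it carries (and whether any file is listed only under MD5Sum/SHA1) and whether the Label and Description headers are present. The sample Release text, its paths and the function names are constructed for illustration.

```python
WEAK = ("MD5Sum", "SHA1")
STRONG = ("SHA256", "SHA512")
WANTED_HEADERS = ("Label", "Description")  # headers named in the reply

# Constructed sample: hashes are those of empty input, paths are made up.
SAMPLE_RELEASE = """\
Origin: Example
Suite: jessie
Codename: jessie
Architectures: amd64
Components: main
MD5Sum:
 d41d8cd98f00b204e9800998ecf8427e 0 main/binary-amd64/Packages
 d41d8cd98f00b204e9800998ecf8427e 0 main/source/Sources
SHA1:
 da39a3ee5e6b4b0d3255bfef95601890afd80709 0 main/binary-amd64/Packages
SHA256:
 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 0 main/binary-amd64/Packages
"""

def parse_release(text):
    """Parse a plain Release file (one deb822 stanza) into {field: [values]}."""
    fields, name = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t":            # continuation line of the current field
            if name is not None:
                fields[name].append(line.strip())
        elif ":" in line:               # "Field: value" or "Field:" (multi-line)
            name, _, value = line.partition(":")
            fields[name] = [value.strip()] if value.strip() else []
    return fields

def audit_release(text):
    """Report checksum fields, files lacking a strong hash, and missing headers."""
    fields = parse_release(text)
    def listed(names):                  # paths from "hash size path" entries
        return {e.split(None, 2)[2] for n in names for e in fields.get(n, [])
                if len(e.split(None, 2)) == 3}
    return {
        "weak_fields": [n for n in WEAK if n in fields],
        "strong_fields": [n for n in STRONG if n in fields],
        "files_without_strong_hash": sorted(listed(WEAK) - listed(STRONG)),
        "missing_headers": [h for h in WANTED_HEADERS if h not in fields],
    }

if __name__ == "__main__":
    print(audit_release(SAMPLE_RELEASE))
```
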




