Re: Debian derivatives census: timeline for dropping SHA-1 support from apt
On Tue, Mar 15, 2016 at 9:21 PM, Patrick Schleizer wrote:
> https://whonix.org/download/whonixdevelopermetafiles/internal/dists/jessie/Release
>
> is using MD5, SHA-1 and SHA-256.
>
> Why is it a problem to keep MD5 and SHA-1 as long as SHA-256 is provided?
>
> The repository is created using reprepro. Does reprepro even support
> dropping MD5 and SHA-1?
AFAICT, Whonix doesn't have any problems with old hashes and thus I
didn't include you in the To header of the mail I sent.
That said, you might want to ask the Tor Project to add
Label/Description headers to their Release files:
http://deriv.debian.net/Whonix/check-package-list
You might also want to investigate the version mismatches between
source package versions declared by Packages and those declared by
Sources (and vice-versa):
http://deriv.debian.net/Whonix/diff_binary_packages
http://deriv.debian.net/Whonix/diff_source_packages
--
bye,
pabs
https://wiki.debian.org/PaulWise
Reply to: