Re: Debian derivatives census: timeline for dropping SHA-1 support from apt

[Paul Wise <pabs@debian.org>]

On Tue, Mar 15, 2016 at 9:21 PM, Patrick Schleizer wrote:

> https://whonix.org/download/whonixdevelopermetafiles/internal/dists/jessie/Release
>
> is using MD5, SHA-1 and SHA-256.
>
> Why is it a problem to keep MD5 and SHA-1 as long as SHA-256 is provided?
>
> The repository is created using reprepro. Does reprepro even support
> dropping MD5 and SHA-1?

AFAICT, Whonix doesn't have any problems with old hashes and thus I
didn't include you in the To header of the mail I sent.

That said, you might want to ask the Tor Project to add
Label/Description headers to their Release files:

http://deriv.debian.net/Whonix/check-package-list

You might also want to investigate the version mismatches between
source package versions declared by Packages and those declared by
Sources (and vice-versa):

http://deriv.debian.net/Whonix/diff_binary_packages
http://deriv.debian.net/Whonix/diff_source_packages

-- 
bye,
pabs

https://wiki.debian.org/PaulWise