[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Release file changes

On 12398 March 1977, Joey Hess wrote:

>> until today our Release files included 3 Hashes for all their entries:
>> MD5SUM, SHA1, SHA256. I just modified the code to no longer include
>> MD5SUM in *all* newly generated Release files.
> When will that affect Release files for stable? Next point release?
> Because that unfortunatly completly breaks debmirror..

Yep. debmirror, reprepro, debootstrap and cdebootstrap seem to be the
tools that can't deal with this. The latter two are serious enough to
keep the change away from oldstable forever, and stable at least until
after next point release, should they get updated there.

> Also, I'll see about getting d-i generating some stronger checksum files
> now that it's been pointed out. Although I wonder if it would make more
> sense to generate those checksums on the server side.

Well, the files currently come from the d-i builds. Makes sense, it
shows what the build host expects them to be, not what a *possible*
corruption during transport to us and unpack made them. How likely such
a corruption is is a different topic, but the theoretical possibility is
there. And we ARE using the MD5SUMS file when we accept the d-i tarballs
to check if it actually matches, so I think we should keep that.

Please ping me when you start providing additional checksum files (if
possible before the debian-installer-images upload, so I can have the
byhand and release file generation script adjusted).

bye, Joerg
I'm having the best day of my life, and I owe it all to not going to Church!

Reply to: