[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Release file changes

> until today our Release files included 3 Hashes for all their entries:
> MD5SUM, SHA1, SHA256. I just modified the code to no longer include
> MD5SUM in *all* newly generated Release files.

Right. For now I undo this (with next dinstall run), until either one of
the following happens:

  - lenny is gone and the tools are fixed in squeeze with a point
    update (provided the SRMs approve such updates, but I *hope* so).
    Until today we discovered:
     * debootstrap (has a patch IIRC)
     * cdebootstrap
     * debmirror (fix uploaded)
     * reprepro
     * anna
     * apt-cacher(-ng)

  - wheezy is released. (This is the option I dont really favor, takes
    ages :) )

Also note that in the process we found some inconsistencies in the
Sources file output by apt-ftparchive we currently use - it doesn't
provide a Checksum other than MD5 for the .dsc files of a package. Thats
fixed in Squeeze and so will be fixed on ftp-master when we upgrade the
machine to Squeeze, currently scheduled the day before our meeting.

Additionally let me mention that *right* *now* we are not removing MD5
anywhere else (got asked about Packages/Sources files), but that those
are certainly on the list to be done. Ideally we end up with just two
(at least halfway trustable :) ) hashes everywhere in the archive.

bye, Joerg
<elmo> [..] trying to avoid extra dependencies on gnumeric is like trying to
       plug one hole in the titantic with a bit of tissue paper"

Reply to: