[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Sun, Oct 14, 2012 at 9:08 PM, Christoph Anton Mitterer wrote:
>> If so, please submit
>> bugs, and we will look at fixing them.  Otherwise, speculation gets us
>> nowhere and actually wastes time.
> Well I had once a discussion (around March this year) here about
> blockin/downgrade attacks... which, AFAICS, both are possible in secure
> APT right now.... but there was no real outcome.
> Unforunately it seems that people do not take these higher-level attacks
> really serious.... even though the danger they impose is quite high.

Are there bug reports with a clear description of the problem,
preferably with a proposed fix?  Discussion doesn't really get us
anywhere.  Useful info and actual efforts at fixing problems do.

Best wishes,

Reply to: