Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

To: debian-devel@lists.debian.org
Subject: Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
From: Michael Gilbert <mgilbert@debian.org>
Date: Mon, 15 Oct 2012 13:46:41 -0400
Message-id: <[🔎] CANTw=MOLY-7t_=-ZBOaBThnmQg7J9H7wXbQS_K+2up6V84+E5A@mail.gmail.com>
In-reply-to: <[🔎] 1350263327.3406.46.camel@fermat.scientia.net>
References: <[🔎] 1349911198.3341.117.camel@fermat.scientia.net> <[🔎] 20121011163521.GC4151@p12n.org> <[🔎] 1349977131.3370.29.camel@fermat.scientia.net> <[🔎] CAAZ6_fAgOpwsdmmjZXm5P_UocZ0CjEsx=oHoe2gG_ryBwNcGxQ@mail.gmail.com> <[🔎] 1350073860.9604.20.camel@fermat.scientia.net> <[🔎] CANTw=MP9wqmuuey4-erR4JNNRZn1NnpKPSCbz5nT1ca4DrunLA@mail.gmail.com> <[🔎] 1350074736.9604.22.camel@fermat.scientia.net> <[🔎] CANTw=MNPfrP=N+92tHmy7tSqp8WQrKpEXyNghif0NHs0zPmLHQ@mail.gmail.com> <[🔎] 1350263327.3406.46.camel@fermat.scientia.net>

On Sun, Oct 14, 2012 at 9:08 PM, Christoph Anton Mitterer wrote:
>> If so, please submit
>> bugs, and we will look at fixing them.  Otherwise, speculation gets us
>> nowhere and actually wastes time.
> Well I had once a discussion (around March this year) here about
> blockin/downgrade attacks... which, AFAICS, both are possible in secure
> APT right now.... but there was no real outcome.
> Unforunately it seems that people do not take these higher-level attacks
> really serious.... even though the danger they impose is quite high.

Are there bug reports with a clear description of the problem,
preferably with a proposed fix?  Discussion doesn't really get us
anywhere.  Useful info and actual efforts at fixing problems do.

Best wishes,
Mike

Reply to:

Follow-Ups:
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Dmitrijs Ledkovs <xnox@debian.org>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

References:
- Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Peter Samuelson <peter@p12n.org>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: David Kalnischkies <kalnischkies@gmail.com>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Michael Gilbert <mgilbert@debian.org>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Michael Gilbert <mgilbert@debian.org>
- Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
  - From: Christoph Anton Mitterer <calestyo@scientia.net>

Prev by Date: Re: Report from the BSP in Alcester, GB
Next by Date: Bug#690591: ITP: kfreebsd-firmware-nonfree -- Nonfree firmware modules for kfreebsd kernel
Previous by thread: Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
Next by thread: Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
Index(es):
- Date
- Thread