Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)
On Sun, Oct 14, 2012 at 9:08 PM, Christoph Anton Mitterer wrote:
>> If so, please submit
>> bugs, and we will look at fixing them. Otherwise, speculation gets us
>> nowhere and actually wastes time.
> Well I had once a discussion (around March this year) here about
> blockin/downgrade attacks... which, AFAICS, both are possible in secure
> APT right now.... but there was no real outcome.
> Unforunately it seems that people do not take these higher-level attacks
> really serious.... even though the danger they impose is quite high.
Are there bug reports with a clear description of the problem,
preferably with a proposed fix? Discussion doesn't really get us
anywhere. Useful info and actual efforts at fixing problems do.