[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: new hashes (SHA512, SHA3) in apt metadata and .changes files?

On Fri, Aug 2, 2013 at 2:52 PM, Paul Wise <pabs@debian.org> wrote:
> If so, here is the list of software that probably needs updating:
>
> dak
> apt/apt-ftparchive
> reprepro
> launchpad
> dpkg-dev
> devscripts
> derivatives census

(c)debootstrap

Also, apt-get is forcing MD5 in --print-uris by default because not doing
it used to break all kinds of scripts. I think jigdo was one of them,
no idea if that is really the case and/or if this changed by now.
(not saying they shouldn't be fixed, just that the list is probably longer)


> Side note; is SHA512 accepted/checked by apt in Release files yet? If
> so it would be great if the spec at [2] could be updated for that.

Yes, APT is supporting SHA512 in in/output, but more as a by-product
of the SHA2 group as a whole than a specific feature. This, and a bit that
APT is just one implementation of this "spec" is the reason that it isn't
mentioned in the wiki.


Best regards

David Kalnischkies
Reply to: