[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: no-strong-digests-in-dsc MBF

Adrian Bunk writes:
> I want to do a MBF for all packages without a SHA256 checksum field
> in the .dsc [1] - only SHA1 as hash would not be good in stretch.

Why?  The Sources index should have a stronger hash either way.

If you care about stronger hashes in the .dsc itself, wouldn't the .dsc
itself be need to be signed by a stronger hash?  I would expect there
are still a lot more .dsc with "Hash: SHA1" in the archive.


Reply to: