On Sat, Jan 21, 2017 at 06:31:44PM +0100, Philipp Kern wrote: > AIUI we never exported the .changes files either, which would have > allowed an independent party to check if the files inserted came from a > developer or not. yeah, I consider this another bug. > > (and btw, let's drop md5sums for buster, "maybe", _completly_, or how long > > do we want to be joked about?) > I'm not sure why you say this. More than one hash is strictly better > than just one. well, yes, that's true. OTOH, not throwing away the support for md5sums will never allow us to be sure that we're not still relying on md5sums somewhere. -- cheers, Holger
Attachment:
signature.asc
Description: Digital signature