[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: no-strong-digests-in-dsc MBF

On Sat, Jan 21, 2017 at 06:31:44PM +0100, Philipp Kern wrote:
> AIUI we never exported the .changes files either, which would have
> allowed an independent party to check if the files inserted came from a
> developer or not.
yeah, I consider this another bug.

> > (and btw, let's drop md5sums for buster, "maybe", _completly_, or how long
> > do we want to be joked about?)
> I'm not sure why you say this. More than one hash is strictly better
> than just one.

well, yes, that's true. OTOH, not throwing away the support for md5sums
will never allow us to be sure that we're not still relying on md5sums


Attachment: signature.asc
Description: Digital signature

Reply to: