Re: please, let's completely drop md5sums for buster (was Re: no-strong-digests-in-dsc MBF)

To: Philipp Kern <pkern@debian.org>, debian-devel@lists.debian.org
Subject: Re: please, let's *completely* drop md5sums for buster (was Re: no-strong-digests-in-dsc MBF)
From: Bernd Zeimetz <bernd@bzed.de>
Date: Sun, 22 Jan 2017 12:34:11 +0100
Message-id: <[🔎] 1133513f-7bb5-8906-f15f-e8e09cff233f@bzed.de>
In-reply-to: <[🔎] b51cbde5-635e-703f-8399-b09321d7fd7e@philkern.de>
References: <[🔎] 20170117215316.lqbnnqw7a6zrovcp@localhost> <[🔎] o5m8h1$ott$1@blaine.gmane.org> <[🔎] 20170119132751.GC3595@layer-acht.org> <[🔎] 67785303-0536-fa91-f1b1-9dbc35a02961@philkern.de> <[🔎] 20170121173441.GA24478@layer-acht.org> <[🔎] 20170121231703.GA15896@layer-acht.org> <[🔎] b51cbde5-635e-703f-8399-b09321d7fd7e@philkern.de>


On 01/22/2017 10:49 AM, Philipp Kern wrote:
> On 22.01.2017 00:17, Holger Levsen wrote:
>> We really ought to do the same. I'm all for keeping sha1+sha256, but
>> please let's *completely* drop md5sums for buster.
> 
> We already dropped SHA1, FWIW, so it's md5+sha256. And again, the Oracle
> announcement was about MD5-only, so isn't relevant to the discussion.
> 
> I do sympathize with the "drop md5sum to see what breaks". But that's a
> discussion for after the release. And how you formulate your argument
> does not help your case.

afaik people are criticizing that there are still (only) md5sum files in
/var/lib/dpkg/info. As dpkg --verify uses them, it might indeed make
sense to replace them.
(yes, dpkg is not an IDS, but better than nothing...).


-- 
 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F

Reply to:

Follow-Ups:
- Re: please, let's *completely* drop md5sums for buster (was Re: no-strong-digests-in-dsc MBF)
  - From: Philipp Kern <pkern@debian.org>
- Re: please, let's *completely* drop md5sums for buster (was Re: no-strong-digests-in-dsc MBF)
  - From: Guus Sliepen <guus@debian.org>

References:
- no-strong-digests-in-dsc MBF
  - From: Adrian Bunk <bunk@debian.org>
- Re: no-strong-digests-in-dsc MBF
  - From: Stuart Prescott <stuart@debian.org>
- Re: no-strong-digests-in-dsc MBF
  - From: Holger Levsen <holger@layer-acht.org>
- Re: no-strong-digests-in-dsc MBF
  - From: Philipp Kern <pkern@debian.org>
- Re: no-strong-digests-in-dsc MBF
  - From: Holger Levsen <holger@layer-acht.org>
- please, let's *completely* drop md5sums for buster (was Re: no-strong-digests-in-dsc MBF)
  - From: Holger Levsen <holger@layer-acht.org>
- Re: please, let's *completely* drop md5sums for buster (was Re: no-strong-digests-in-dsc MBF)
  - From: Philipp Kern <pkern@debian.org>

Prev by Date: Re: please, let's *completely* drop md5sums for buster (was Re: no-strong-digests-in-dsc MBF)
Next by Date: Re: please, let's *completely* drop md5sums for buster (was Re: no-strong-digests-in-dsc MBF)
Previous by thread: Re: please, let's *completely* drop md5sums for buster (was Re: no-strong-digests-in-dsc MBF)
Next by thread: Re: please, let's *completely* drop md5sums for buster (was Re: no-strong-digests-in-dsc MBF)
Index(es):
- Date
- Thread

Re: please, let's *completely* drop md5sums for buster (was Re: no-strong-digests-in-dsc MBF)

Re: please, let's completely drop md5sums for buster (was Re: no-strong-digests-in-dsc MBF)