Touko Korpela wrote:
> Debian Security Advisories currently contain MD5 checksums. As MD5 is no
> longer strong enough, maybe it should be replaced by SHA1 or SHA256?

I don't understand why DSAs for etch include md5sums and manual upgrade instructions at all. Apt can verify the checksum and gpg signature and handle the upgrade after all, and probably more securely than the average user following the manual instructions. It may have made sense before we had signed Release files, (or perhaps before we had apt :-), but it feels obsolete now. Note that DTSAs already only include apt upgrade instructions.

--
see shy jo