Re: Time to replace MD5?

To: debian-security@lists.debian.org
Subject: Re: Time to replace MD5?
From: Bernd Eckenfels <ecki@lina.inka.de>
Date: Wed, 13 Jun 2007 00:40:41 +0200
Message-id: <[🔎] E1HyF2X-0000YX-00@calista.eckenfels.net>
In-reply-to: <[🔎] 20070612211349.GA6350@kitenet.net>

In article <[🔎] 20070612211349.GA6350@kitenet.net> you wrote:
> I don't understand why DSAs for etch include md5sums and manual upgrade
> instructions at all. Apt can verify the checksum and gpg signature and
> handle the upgrade after all, and probably more securely than the
> average user following the manual instructions.

Because open source is all about choice. There might be admins using dpkg -i
or security officers who build their local mirrors manually.

Gruss
Bernd

Reply to:

Follow-Ups:
- Re: Time to replace MD5?
  - From: dann frazier <dannf@dannf.org>
- Re: Time to replace MD5?
  - From: Joey Hess <joeyh@debian.org>
- Re: Time to replace MD5?
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>

References:
- Re: Time to replace MD5?
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Latest OOo Etch update -7etch1 depends on different libneon
Next by Date: Re: Time to replace MD5?
Previous by thread: Re: Time to replace MD5?
Next by thread: Re: Time to replace MD5?
Index(es):
- Date
- Thread