Re: Time to replace MD5?
In article <20070612211349.GA6350@kitenet.net> you wrote:
> I don't understand why DSAs for etch include md5sums and manual upgrade
> instructions at all. Apt can verify the checksum and gpg signature and
> handle the upgrade after all, and probably more securely than the
> average user following the manual instructions.
Because open source is all about choice. There might be admins using dpkg -i
or security officers who build their local mirrors manually.