[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Time to replace MD5?

In article <20070612211349.GA6350@kitenet.net> you wrote:
> I don't understand why DSAs for etch include md5sums and manual upgrade
> instructions at all. Apt can verify the checksum and gpg signature and
> handle the upgrade after all, and probably more securely than the
> average user following the manual instructions.

Because open source is all about choice. There might be admins using dpkg -i
or security officers who build their local mirrors manually.


Reply to: