Re: Time to replace MD5?

To: Bernd Eckenfels <ecki@lina.inka.de>
Cc: debian-security@lists.debian.org
Subject: Re: Time to replace MD5?
From: dann frazier <dannf@dannf.org>
Date: Tue, 12 Jun 2007 17:17:02 -0600
Message-id: <[🔎] 20070612231702.GG30215@colo.lackof.org>
In-reply-to: <[🔎] E1HyF2X-0000YX-00@calista.eckenfels.net>
References: <[🔎] 20070612211349.GA6350@kitenet.net> <[🔎] E1HyF2X-0000YX-00@calista.eckenfels.net>

On Wed, Jun 13, 2007 at 12:40:41AM +0200, Bernd Eckenfels wrote:
> In article <[🔎] 20070612211349.GA6350@kitenet.net> you wrote:
> > I don't understand why DSAs for etch include md5sums and manual upgrade
> > instructions at all. Apt can verify the checksum and gpg signature and
> > handle the upgrade after all, and probably more securely than the
> > average user following the manual instructions.
> 
> Because open source is all about choice. There might be admins using dpkg -i
> or security officers who build their local mirrors manually.

There may also be admins who prefer to use ar and run the maintainer
scripts by hand, and of course they are free to do so.

But, imo, Debian should document a single recommended procedure - and
direct execution of dpkg isn't something I'd recommend.

-- 
dann frazier

Reply to:

References:
- Re: Time to replace MD5?
  - From: Joey Hess <joeyh@debian.org>
- Re: Time to replace MD5?
  - From: Bernd Eckenfels <ecki@lina.inka.de>

Prev by Date: Re: Time to replace MD5?
Next by Date: Re: Time to replace MD5?
Previous by thread: Re: Time to replace MD5?
Next by thread: Re: Time to replace MD5?
Index(es):
- Date
- Thread