Re: debsums: no md5sums for a lot of important packages on sarge

To: debian-security@lists.debian.org
Subject: Re: debsums: no md5sums for a lot of important packages on sarge
From: Romain Francoise <rfrancoise@debian.org>
Date: Mon, 08 Oct 2007 14:21:18 +0200
Message-id: <[🔎] 87ejg5re4h.fsf@elegiac.orebokech.com>
References: <[🔎] feffd9290710080030r41ac7f4do98931feeae8ab6ac@mail.gmail.com>

"Alexandros Papadopoulos" <apapadop@alumni.cmu.edu> writes:

> My question is, is it acceptable to have so many important and
> widely used packages in *stable* without MD5 checksums?

MD5 checksums aren't mandatory, so quite a few packages don't have
them.  We hope to change this for future releases, but the number of
affected packages is still too important to make it a release goal.
See the following page for up-to-date statistics:

  http://people.debian.org/~rfrancoise/md5sums-check/

(They apply to sid, not etch.)

I set this up back in August:

  http://blog.orebokech.com/2007/08/debian-packages-without-md5sums.html
  http://lists.debian.org/debian-devel/2007/08/msg00708.html

Cheers,

-- 
  ,''`.
 : :' :        Romain Francoise <rfrancoise@debian.org>
 `. `'         http://people.debian.org/~rfrancoise/
   `-

Reply to:

References:
- debsums: no md5sums for a lot of important packages on sarge
  - From: "Alexandros Papadopoulos" <apapadop@alumni.cmu.edu>

Prev by Date: Re: debsums: no md5sums for a lot of important packages on sarge
Next by Date: Re: [SECURITY] [DSA 1381-1] New Linux 2.6.18 packages fix several vulnerabilities
Previous by thread: Re: debsums: no md5sums for a lot of important packages on sarge
Next by thread: Re: debsums: no md5sums for a lot of important packages on sarge
Index(es):
- Date
- Thread