Re: md5 hashes used in security announcements
On Sat, Oct 25, 2008 at 02:33, Kees Cook <kees@outflux.net> wrote:
> [...]
>
> Additionally, it doesn't matter -- it's just the md5 in the email
> announcement. The Release and Packages files for the archive have SHA1
> and SHA256. The md5 from the announcement is almost not important,
> IMO -- no one should download files individually from the announcement.
If no one should download files individually from the announcement,
there's no point in including that long list of package URLs and
hashes in the announcements at all. It would be enough to say, "Please
use apt or your favorite package manager to download the packages for
your system."
Reply to: