Re: Hash algorithms used by APT to verify authenticity of installed files.

To: Tomasz Wozowicz <zirconiumnzinc@gmail.com>
Cc: "debian-security@lists.debian.org" <debian-security@lists.debian.org>
Subject: Re: Hash algorithms used by APT to verify authenticity of installed files.
From: helpermn <helpermn@gmail.com>
Date: Sun, 1 May 2011 04:14:54 +0200
Message-id: <[🔎] 40C27ACE-6CCE-43AB-8CC4-1104A542BD42@gmail.com>
In-reply-to: <BANLkTiknLWnB+yViErAUeWj1UGJh9e=mGA@mail.gmail.com>
References: <BANLkTiknLWnB+yViErAUeWj1UGJh9e=mGA@mail.gmail.com>

Tomasz Wozowicz <zirconiumnzinc@gmail.com> wrote:

It doesnt say what  will happen if the expected hash is unavaible-
maybe it will just use weaker hash as fallback? I think  that issues
regarding security should be descriped clearly and exhaustively.

Try to install or upgrade Chrome having set to sha256. Upgrade fails,so it does'nt fall back :)


--
helpermn

Reply to:

Next by Date: Serwis - 5392: [ONTP SP] [SECURITY] [DSA 2229-1] spip security update
Next by thread: Re: Hash algorithms used by APT to verify authenticity of installed files.
Index(es):
- Date
- Thread