[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How APT signs packages

On 2012-10-19 12:43 +0200, Lars Nooden wrote:

> On Fri, 19 Oct 2012, Florian Ernst wrote:
> ...
>> ***apt has supported sha256 checksums since version 0.7.7, so these will
>> be used in lenny and future releases. --JoeyHess
>> ----- >8 -----
>> 
>> in the comments of the very same page as well as check your
>> /var/lib/apt/lists/*_{Release,Packages} for verification.
>
> Thanks.  One comment claimed that from Lenny onwards SHA256 checksums 
> would be used.  But in Squeeze, *_Release still has MD5 checksums, at 
> least for the repository I have.  So it looks like the infrastructure 
> supports SHA but it's still needed to do the tedious work of migration.

The Release files contain MD5, SHA1 and SHA256 checksums, and apt uses
the strongest of those.

Cheers,
       Sven
Reply to: