
Bug#423902: apt should use both md5 and sha1



On Fri, Jun 08, 2007 at 10:12:46PM +0200, Michael Vogt wrote:
> On Mon, May 14, 2007 at 10:20:18PM +0200, Thomas Geyer wrote:
> > Package: apt
> > Version: 0.6.46.4
> > Severity: wishlist
> > 
> > Collisions for md5 and sha1 were found already,
> > so it's likely that in the nearer future one of them alone won't be
> > safe enough.
> > 
> > Since it is harder to find collisions for two checksums than for one,
> > apt should use both of them at the same time for verifying packages.
> 
> There is a sha256 branch in bzr already that should solve this problem
> in the future. As Colin pointed out, just using both hashes will not
> improve security.

This sha256 has been merged since apt 0.7.7, I guess this bug is no
longer applicable.

apt (0.7.7) unstable; urgency=low

  [ Michael Vogt ]
[..]
  * merged apt--sha256 branch to fully support the new
    sha256 checksums in the Packages and Release files
    (ABI break)


-- 
Simon Paillard


