> until today our Release files included 3 Hashes for all their entries:
> MD5SUM, SHA1, SHA256. I just modified the code to no longer include
> MD5SUM in *all* newly generated Release files.
Right. For now I undo this (with next dinstall run), until either one of
the following happens:
- lenny is gone and the tools are fixed in squeeze with a point
update (provided the SRMs approve such updates, but I *hope* so).
Until today we discovered:
* debootstrap (has a patch IIRC)
* debmirror (fix uploaded)
- wheezy is released. (This is the option I dont really favor, takes
Also note that in the process we found some inconsistencies in the
Sources file output by apt-ftparchive we currently use - it doesn't
provide a Checksum other than MD5 for the .dsc files of a package. Thats
fixed in Squeeze and so will be fixed on ftp-master when we upgrade the
machine to Squeeze, currently scheduled the day before our meeting.
Additionally let me mention that *right* *now* we are not removing MD5
anywhere else (got asked about Packages/Sources files), but that those
are certainly on the list to be done. Ideally we end up with just two
(at least halfway trustable
) hashes everywhere in the archive.
<elmo> [..] trying to avoid extra dependencies on gnumeric is like trying to
plug one hole in the titantic with a bit of tissue paper"
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org