Daniel Silverstone wrote: > Attached is a patch which updates the 'functions' shell file to use SHA1 > instead of MD5. It also updates the perl chunk at the bottom, but obviously > does not update the version of pkginfo available in the bootstrap-base udeb. > This needs updating also, otherwise new installs will fail.
Also, busybox in d-i needs to be updated to enable the checksum utility used. Currently it only has md5sum. But, is sha1 really what we want to check? Even the oldstable Release file has sha256, and while there is some risk that will be replaced with sha512, it is not broken like sha1 is. So I think we should use it for now. This would probably be a good opportunity to parameterize the sha size that is used, with a switch or at least a configuration variable. -- see shy jo
signature.asc
Description: Digital signature
