Quoting Nico Golde <n...@debian.org>:
This is not entirely correct, actually the packages checks md5 hashes (yes, i know this is broken).
Really?! Sorry,.. I must have overlooked this :(
Then may I suggest to switch to something better (e.g. SHA512) and make sure, that installation fails and the user is warned if the sums don't match? :)
Of course you may degrade the priority of this bug :) Best wishes, Chris ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
