David Kalnischkies wrote: >On Fri, Aug 2, 2013 at 2:52 PM, Paul Wise <p...@debian.org> wrote: >> If so, here is the list of software that probably needs updating: >> >> dak >> apt/apt-ftparchive >> reprepro >> launchpad >> dpkg-dev >> devscripts >> derivatives census > >(c)debootstrap > >Also, apt-get is forcing MD5 in --print-uris by default because not doing >it used to break all kinds of scripts. I think jigdo was one of them, >no idea if that is really the case and/or if this changed by now. >(not saying they shouldn't be fixed, just that the list is probably longer)
jigdo and debian-cd both use MD5 for tracking and indexing files - debian-cd uses them to assist in generating jigdo files and also as a verification of archive contents as images are built. There should be no security implications in either case as more/stronger checksums are used for verifying the complete images. Changing jigdo to use a different checksum would not be impossible, but very involved and I'm not really convinced it would be worth it. -- Steve McIntyre, Cambridge, UK. st...@einval.com Support the Campaign for Audiovisual Free Expression: http://www.eff.org/cafe/ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1v6yxw-0005ru...@mail.einval.com
