Adrian Bunk writes: > I want to do a MBF for all packages without a SHA256 checksum field > in the .dsc [1] - only SHA1 as hash would not be good in stretch.
Why? The Sources index should have a stronger hash either way. If you care about stronger hashes in the .dsc itself, wouldn't the .dsc itself be need to be signed by a stronger hash? I would expect there are still a lot more .dsc with "Hash: SHA1" in the archive. Ansgar
