On Wed, May 18, 2016 at 11:09 PM, Elmar Stellnberger wrote:

> Besides these issues; has anyone ever thought of deprecating md5sum-s in
> package headers and using sha256sums instead? That would be of great help
> for tools like debsums or https://www.elstel.org/debcheckroot.

AFAIK the md5sums in binary package files aren't intended to be a security feature. The package metadata already uses SHA-2.

debcheckroot doesn't look like something that could ever do something useful, there are so many files in a Debian rootfs that are dynamically generated from package maintainer scripts rather than shipping in the package itself. Run cruft-ng and you will see just how much.

--
bye,
pabs

https://wiki.debian.org/PaulWise