On 2024-11-07 15:45, David Campbell wrote:
To whom it may concern,dpkg currently uses MD5 to verify packages, but MD5 is considered insecure, why not switch to SHA256 (and also update lintian)?
Do you have any evidence that there has been an attempt to post bogus packages to the official mirrors?
-- Jonathan
