Hi Aki, hi Timo, hi list,

On 10/29/25 09:21, Aki Tuomi via dovecot wrote:

> Binary packages in https://repo.dovecot.org/

following the instructions for Debian Trixie results in:

Warning: No Hash entry in Release file /var/lib/apt/lists/partial/repo.dovecot.org_ce-2.4-latest_debian_trixie_dists_trixie_InRelease which is considered strong enough for security purposes
Error: The repository 'https://repo.dovecot.org/ce-2.4-latest/debian/trixie trixie InRelease' provides only weak security information.
Notice: Updating from such a repository can't be done securely, and is therefore disabled by default.
Notice: See apt-secure(8) manpage for repository creation and user configuration details.

The InRelease is missing SHA256/SHA512 hashes and only has MD5Sum & SHA1 hashes, see https://wiki.debian.org/DebianRepository/Format#MD5Sum.2C_SHA1.2C_SHA256 ("Clients may not use the MD5Sum and SHA1 fields for security purposes, and must require a SHA256 or a SHA512 field.").

Could you please add at least SHA256 hashes? Otherwise, the repo is useless for Trixie.

Also found: https://doc.dovecot.org/latest/ and https://doc.dovecot.org/ still redirect to .../2.4.1/ instead of .../2.4.2/ !

Best regards,
--
Patrick Cernko <[email protected]> +49 681 9325 5815
Joint Scientific IT and Technical Service
Max-Planck-Institute für Informatik & Software Systems
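
The check described in the message above, as an added example that is not part of the original post and is not apt's own code: it parses a Release or clearsigned InRelease body and reports whether a non-empty SHA256 or SHA512 field is present. The function names and the sample Release text are assumptions made for illustration; the digests are placeholders.

```python
import re

STRONG = ("SHA256", "SHA512")   # fields clients must require, per the wiki text quoted above
WEAK = ("MD5Sum", "SHA1")       # fields clients may not use for security purposes

# Constructed sample: a Release body that carries only weak checksum fields.
# Digests and sizes are placeholders, not values from repo.dovecot.org.
WEAK_ONLY = """\
Suite: trixie
Codename: trixie
MD5Sum:
 00000000000000000000000000000000 1234 main/binary-amd64/Packages
SHA1:
 0000000000000000000000000000000000000000 1234 main/binary-amd64/Packages
"""

def strip_clearsign(text):
    """Return the signed body of an InRelease file; a plain Release passes through."""
    m = re.search(
        r"-----BEGIN PGP SIGNED MESSAGE-----\n(?:[^\n]+\n)*\n"
        r"(.*?)\n-----BEGIN PGP SIGNATURE-----", text, re.S)
    return m.group(1) + "\n" if m else text

def checksum_fields(text):
    """Map each checksum field present to the number of index files it lists."""
    fields, current = {}, None
    for line in strip_clearsign(text).splitlines():
        if line.startswith((" ", "\t")):        # continuation of a multi-line field
            if current in fields and line.strip():
                fields[current] += 1
            continue
        current = line.split(":", 1)[0]
        if current in STRONG + WEAK:
            fields[current] = 0
    return fields

def audit(text):
    """Report which checksum fields exist and whether a strong one has entries."""
    found = checksum_fields(text)
    strong = [f for f in STRONG if found.get(f)]
    return {"fields": found, "strong": strong, "acceptable": bool(strong)}

if __name__ == "__main__":
    print(audit(WEAK_ONLY))
```

This only inspects which fields are listed; it does not verify the OpenPGP signature or recompute any digest.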