Re: Latest OOo Etch update -7etch1 depends on different libneon

[ resend, I just saw even -release and -openoffice were in the mail... ] Hi, Kevin B. McCarty wrote: > I noticed that the latest OpenOffice.org security update in Etch > (version 2.0.4.dfsg.2-7etch1, which fixed DSA 1307) depends on libneon25 > whereas the previous Etch version (2.0.4.dfsg.2-5etc

[EMAIL PROTECTED]: Re: Latest OOo Etch update -7etch1 depends on different libneon]

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 *sigh*. too late... Typoed the email address. Forward... - - Forwarded message from Rene Engelhard <[EMAIL PROTECTED]> - Date: Wed, 13 Jun 2007 01:43:30 +0200 From: Rene Engelhard <[EMAIL PROTECTED]> To: "Kevin B. McCarty" <[EMAIL PROTECTED]>

Re: Time to replace MD5?

Bernd Eckenfels wrote: > Because open source is all about choice. So it's there because of a platitude? > There might be admins using dpkg -i > or security officers who build their local mirrors manually. Then why don't we include md5sums and wget commands for all packages in stable point releas

Re: Time to replace MD5?

On Wed, Jun 13, 2007 at 12:40:41AM +0200, Bernd Eckenfels wrote: > In article <[EMAIL PROTECTED]> you wrote: > > I don't understand why DSAs for etch include md5sums and manual upgrade > > instructions at all. Apt can verify the checksum and gpg signature and > > handle the upgrade after all, and

Re: Time to replace MD5?

In article <[EMAIL PROTECTED]> you wrote: > I don't understand why DSAs for etch include md5sums and manual upgrade > instructions at all. Apt can verify the checksum and gpg signature and > handle the upgrade after all, and probably more securely than the > average user following the manual instru

Latest OOo Etch update -7etch1 depends on different libneon

Hi, I noticed that the latest OpenOffice.org security update in Etch (version 2.0.4.dfsg.2-7etch1, which fixed DSA 1307) depends on libneon25 whereas the previous Etch version (2.0.4.dfsg.2-5etch1) depended instead on libneon26. Are changes in the depended package names, which require a dist-upgr

Re: Time to replace MD5?

Touko Korpela wrote: > Debian Security Advisories currently contain MD5 checksums. As MD5 is no > longer strong enough, maybe it should be replaced by SHA1 or SHA256? I don't understand why DSAs for etch include md5sums and manual upgrade instructions at all. Apt can verify the checksum and gpg s

Re: Time to replace MD5?

On Tue, 12 Jun 2007, Touko Korpela wrote: > Debian Security Advisories currently contain MD5 checksums. As MD5 is no > longer strong enough, maybe it should be replaced by SHA1 or SHA256? When combined with size information AND the fact that it needs to be a valid .deb archive, they are probably

Time to replace MD5?

Debian Security Advisories currently contain MD5 checksums. As MD5 is no longer strong enough, maybe it should be replaced by SHA1 or SHA256? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]