I marked it "wontfix" because it seems to most accurately reflect the state of things; the Ubuntu security team does not have resources to propose these kinds of changes for dpkg, and considering the threat model that debsums/dpkg's file md5sums are designed to address, it's easy to see why no one else has provided patches for this yet either.
It's just not a common threat model: assume that an adversary can overwrite something important but *not* the database or the tools that maintain it or the libraries and kernel needed by those tools. Thanks -- You received this bug notification because you are a member of Debian Perl Group, which is subscribed to debsums in Ubuntu. https://bugs.launchpad.net/bugs/1100295 Title: MD5 is insecure, add modern hashing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-gnome/+bug/1100295/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~pkg-perl-maintainers Post to : [email protected] Unsubscribe : https://launchpad.net/~pkg-perl-maintainers More help : https://help.launchpad.net/ListHelp
