Bug#856212: cdebootstrap: please implement SHA256 verification of .deb files

2017-02-28 Thread Steven Chamberlain
Control: tags -1 + patch

Hi,

The attached patch is based on having libdebian-installer_bug856210_v3.patch applied:

* libdebian-installer4-dev would not change its name
* sum[1] is already empty/unusable
* sum[0] would become the sha256 field

Thanks,
Regards,
-- 
Steven Chamberlain

Bug#856212: cdebootstrap: please implement SHA256 verification of .deb files

2017-02-26 Thread Steven Chamberlain
Hi,

Bastian Blank wrote:
> I was not able to provide a real fix as I'm rather time constrained.

Don't worry, I'm prepared to write patches. But I wonder:

* is it okay to drop MD5 support, when implementing SHA256?
* must we fix this before the stretch release? or otherwise, would it

Bug#856212: cdebootstrap: please implement SHA256 verification of .deb files

2017-02-26 Thread Bastian Blank
On Sun, Feb 26, 2017 at 04:32:43PM +, Steven Chamberlain wrote:
> To date, cdebootstrap still only implements MD5 verification of .deb
> files, despite its formal deprecation as a digital signature algorithm
> by RFC6151 (2011) and recommendations of academic literature years
> prior.

I was

Bug#856212: cdebootstrap: please implement SHA256 verification of .deb files

2017-02-26 Thread Steven Chamberlain
Source: cdebootstrap
Version: 0.7.6
Severity: grave
Tags: security
X-Debbugs-Cc: secur...@debian.org
User: debian-rele...@lists.debian.org
Usertags: bsp-2017-02-de-Berlin
Control: block -1 by 856210

Hi,

To date, cdebootstrap still only implements MD5 verification of .deb files, despite its