Control: tags -1 + patch
Hi,
The attached patch is based on having
libdebian-installer_bug856210_v3.patch applied:
* libdebian-installer4-dev would not change its name
* sum[1] is already empty/unusable
* sum[0] would become the sha256 field
Thanks,
Regards,
--
Steven Chamberlain
Hi,
Bastian Blank wrote:
> I was not able to provide a real fix as I'm rather time constrained.
Don't worry, I'm prepared to write patches. But I wonder:
* is it okay to drop MD5 support, when implementing SHA256?
* must we fix this before the stretch release? or otherwise, would it
On Sun, Feb 26, 2017 at 04:32:43PM +, Steven Chamberlain wrote:
> To date, cdebootstrap still only implements MD5 verification of .deb
> files, despite its formal deprecation as a digital signature algorithm
> by RFC6151 (2011) and recommendations of academic literature years
> prior.
I was
Source: cdebootstrap
Version: 0.7.6
Severity: grave
Tags: security
X-Debbugs-Cc: secur...@debian.org
User: debian-rele...@lists.debian.org
Usertags: bsp-2017-02-de-Berlin
Control: block -1 by 856210
Hi,
To date, cdebootstrap still only implements MD5 verification of .deb
files, despite its
4 matches
Mail list logo