On Sun, Jan 22, 2017 at 12:34:11PM +0100, Bernd Zeimetz wrote:
> afaik people are criticizing that there are still (only) md5sum files in
> /var/lib/dpkg/info. As dpkg --verify uses them, it might indeed make
> sense to replace them.
> (yes, dpkg is not an IDS, but better than nothing...).
I'm wo
On Sun, 2017-01-22 at 13:54:26 +0100, Philipp Kern wrote:
> On 22.01.2017 12:34, Bernd Zeimetz wrote:
> > afaik people are criticizing that there are still (only) md5sum files in
> > /var/lib/dpkg/info. As dpkg --verify uses them, it might indeed make
> > sense to replace them.
> > (yes, dpkg is no
On 22.01.2017 12:34, Bernd Zeimetz wrote:
> afaik people are criticizing that there are still (only) md5sum files in
> /var/lib/dpkg/info. As dpkg --verify uses them, it might indeed make
> sense to replace them.
> (yes, dpkg is not an IDS, but better than nothing...).
Originally the thread was ab
On 01/22/2017 10:49 AM, Philipp Kern wrote:
> On 22.01.2017 00:17, Holger Levsen wrote:
>> We really ought to do the same. I'm all for keeping sha1+sha256, but
>> please let's *completely* drop md5sums for buster.
>
> We already dropped SHA1, FWIW, so it's md5+sha256. And again, the Oracle
> ann
On 22.01.2017 00:17, Holger Levsen wrote:
> We really ought to do the same. I'm all for keeping sha1+sha256, but
> please let's *completely* drop md5sums for buster.
We already dropped SHA1, FWIW, so it's md5+sha256. And again, the Oracle
announcement was about MD5-only, so isn't relevant to the d
Hi,
I'm sorry but I want to amend myself…
On Sat, Jan 21, 2017 at 05:34:41PM +, Holger Levsen wrote:
> > > (and btw, let's drop md5sums for buster, "maybe", _completly_, or how long
> > > do we want to be joked about?)
> > I'm not sure why you say this. More than one hash is strictly better
>
6 matches
Mail list logo