I tested this out to confirm Ryan's findings: I downloaded http://archive.ubuntu.com/ubuntu/dists/hardy/Release and http://archive.ubuntu.com/ubuntu/dists/hardy/main/binary- amd64/Packages.gz
"md5sum Packages.gz" matches the md5sum data in the Release file. "sha256sum Packages.gz" does NOT match. These are the correct files, but the sha256 hashes do not appear to be being generated correctly. This is using versions 6.10 of both md5sum and sha256sum, and Release and Packages.gz downloaded from archive.ubuntu.com at 14:51 PDT today. (Full disclosure: Ryan and I work for the same organization.) -- Hardy release files contain invalid SHA256 signatures. https://bugs.launchpad.net/bugs/243630 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
