pkg-perl-maintainers team mailing list archive

Thread
Date

[Bug 1100295] Re: MD5 is insecure, add modern hashing

To: pkg-perl-maintainers@xxxxxxxxxxxxxxxxxxx
From: Anders Kaseorg <andersk@xxxxxxx>
Date: Fri, 08 Jan 2016 21:23:45 -0000
Reply-to: Bug 1100295 <1100295@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

No. apt uses the archive’s SHA-256 hashes to verify packages when they
are initially downloaded, but debsums is for re-checking the installed
files after installation, and the only currently available per-file
hashes are MD5.

See https://wiki.debian.org/Sha256sumsInPackages for some prior work in
this area (though it has seen essentially no updates for five years).

-- 
You received this bug notification because you are a member of Debian
Perl Group, which is subscribed to debsums in Ubuntu.
https://bugs.launchpad.net/bugs/1100295

Title:
  MD5 is insecure, add modern hashing

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/debsums/+bug/1100295/+subscriptions