pkg-perl-maintainers team mailing list archive

Thread
Date

[Bug 1100295] Re: MD5 is insecure, add modern hashing

To: pkg-perl-maintainers@xxxxxxxxxxxxxxxxxxx
From: Seth Arnold <1100295@xxxxxxxxxxxxxxxxxx>
Date: Fri, 02 Sep 2016 22:27:04 -0000
Reply-to: Bug 1100295 <1100295@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

I marked it "wontfix" because it seems to most accurately reflect the
state of things; the Ubuntu security team does not have resources to
propose these kinds of changes for dpkg, and considering the threat
model that debsums/dpkg's file md5sums are designed to address, it's
easy to see why no one else has provided patches for this yet either.

It's just not a common threat model: assume that an adversary can
overwrite something important but *not* the database or the tools that
maintain it or the libraries and kernel needed by those tools.

Thanks

-- 
You received this bug notification because you are a member of Debian
Perl Group, which is subscribed to debsums in Ubuntu.
https://bugs.launchpad.net/bugs/1100295

Title:
  MD5 is insecure, add modern hashing

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-gnome/+bug/1100295/+subscriptions