Bug#545236: marked as done (use SHA512 for checksums instead of SHA256)

Thu, 28 Jan 2010 14:18:34 -0800 

Your message dated Thu, 28 Jan 2010 23:07:35 +0100
with message-id <[email protected]>
and subject line closing
has caused the Debian Bug report #545236,
regarding use SHA512 for checksums instead of SHA256
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
545236: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545236
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: ttf-mscorefonts-installer
Version: 3.0
Severity: wishlist

Hi.
May I suggest that you use SH512 instead of SHA256 for checksuming the downloaded files, for security reasons?
Apart from that,.. great that you verify this in order to keep everything validated and verified. 


Best wishes,
Chris.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-heisenberg (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages ttf-mscorefonts-installer depends on:
ii cabextract 1.2-3 a program to extract Microsoft Cab ii debconf [debconf-2.0] 1.5.27 Debian configuration management sy ii defoma 0.11.10-1 Debian Font Manager -- automatic f 
ii  wget                          1.11.4-4   retrieves files from the web
ii xfonts-utils 1:7.4+2 X Window System font utility progr 

Versions of packages ttf-mscorefonts-installer recommends:
ii ttf-liberation 1.04.93-1 Free fonts with the same metrics a ii x-ttcidfont-conf 32 TrueType and CID fonts configurati 

ttf-mscorefonts-installer suggests no packages.

-- debconf information:
* msttcorefonts/http_proxy:
* msttcorefonts/dlurl:
* msttcorefonts/savedir:
  msttcorefonts/baddldir:
* msttcorefonts/dldir:

----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

--- End Message ---
--- Begin Message --- 
> Well... it was just a suggestion,... SHA1 is not yet broken either,..
> but it shows the first deficiencies,.... and (although the recent
> AES256 attacks showed us the opposite),... one should normally thing
> that the higher hash could be better.

As long as apt still uses SHA256 we don't gain anything by changing
msttcorefonts for this; as SHA256 isn't broken I'm closing this request.


Thijs

--- End Message ---

Reply via email to