Package: debsums Version: 2.1.3 Severity: wishlist Tags: security It would be nice if debsums worked with an algorithm more secure than MD5. This issue is tracked at https://wiki.debian.org/Sha256sumsInPackages , but it does not seem to be any progress. While waiting for a proper solution, could you add this text to the package description?
"MD5 is considered weak nowadays. Do not rely on debsums to detect malicious changes." This concern is because it is easy to craft programs with the same MD5 hash that follow different execution paths.
smime.p7s
Description: S/MIME cryptographic signature