Package: dpkg-sig Version: 0.13.1+nmu4 Severity: important Dear Maintainer,
currently dpkg-sig uses MD5/SHA1 for the digest. Both are insufficient for integrity protection and according to the Debian Wiki SHA-1 is being phased out. We would like to continue using dpkg-sig and would contribute to a new version, but I wanted to first check with you before coming up with a new digest format and submitting a patch. * Is submitting a patch the preferred way to contribute? * Is backwards compatibility also in the case of remote dpkg-sig required? * Any other considerations? Rgds Konstantinos
