I wonder if this bug can be downgraded (or marked squeeze-ignore). The weaknesses of MD5 are well-known, and support for it should be deprecated, but I don't think that needs to be done for squeeze.
Post-squeeze, the solution should fail for md5 signatures by default. It should require an explicit command-line argument like "--md5-ok" for backwards compatibility. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
