I noted[1] that some derivatives have introduced SHA512 into their Release files (and probably Packages/etc). I was wondering if it is time to drop or deprecate MD5 from the apt metadata and replace it with SHA512 and or SHA-3. Thoughts?
If so, here is the list of software that probably needs updating: dak apt/apt-ftparchive reprepro launchpad dpkg-dev devscripts derivatives census Side note; is there an SHA-3 shared library yet? Side note; is SHA512 accepted/checked by apt in Release files yet? If so it would be great if the spec at [2] could be updated for that. 1. http://dex.alioth.debian.org/census/*/check-package-list 2. https://wiki.debian.org/RepositoryFormat -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/caktje6gfbvbjmcech_j3gwpbokobju261v2crgzz5dag+9e...@mail.gmail.com
