On Tue, Mar 15, 2016 at 11:15:16PM +0100, Joerg Jaspert wrote: >Hi, > >I've just activated a few changes to the archive we talk(ed) about for a >long time. And while it is not exactly the start of this release cycle, >it should still work out nicely (so one hopes). > >As of now, InRelease/Release files, Packages and Sources no longer >provide MD5Sum and SHA1sums, only SHA256.
That (Packages and Sources) will break jigdo generation for debian-cd (and hence all CD/DVD/BD builds). We can't fix this easily in a short timescale - current released jigdo clients (both in Debian and externally) use md5 internally to reference files in the archive. Not as a *security* feature; this is the core design of jigdo. >Additionally I turned off generating gzip compressed versions of those >files, xz is there. And that will break various other parts of debian-cd. >To test it, this is limited to experimental. We hope nothing breaks on it, >but lets try for a few days. If that works out, we should adjust >unstable, and another short time later coordinate with the release team >to adjust testing, so it ends up in the next release. Please, no. We need more time than that to fix things up. -- Steve McIntyre, Cambridge, UK. st...@einval.com "I can't ever sleep on planes ... call it irrational if you like, but I'm afraid I'll miss my stop" -- Vivek Das Mohapatra