Hi!
On Tue, 2023-11-28 at 14:57:10 -0800, Russ Allbery wrote:
> Dimitri John Ledkov writes:
> > Dak currently requires Checksums-Sha1, but I am happy to facilitate in
> > patching dak to make Checksums-Sha1 optional if this bug report is
> > accepted.
>
> The field is documented as mandatory
Hi,
On Wed, 29 Nov 2023 at 00:05, Holger Levsen wrote:
>
> hi,
>
> snapshot.d.o also uses sha1 sums, at least internally, but I'd not
> surprised if also for external verification.
At the moment I am trying to focus on contents of .dsc and .changes
only, not the InReleases Packages etc files.
hi,
snapshot.d.o also uses sha1 sums, at least internally, but I'd not
surprised if also for external verification.
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
Reporter:
Dimitri John Ledkov writes:
> Dak currently requires Checksums-Sha1, but I am happy to facilitate in
> patching dak to make Checksums-Sha1 optional if this bug report is
> accepted.
The field is documented as mandatory precisely because DAK requires it,
which makes it mandatory for Debian
Package: debian-policy
Version: 4.6.2.0
Severity: wishlist
Tags: patch
Dear Maintainer,
SHA1 is an obsolete checksum method. For example NIST recommends to
phase out all usage of SHA1 by 2030. Currently it is generated in .dsc
and .changes files and validated. It does not bring any additional
5 matches
Mail list logo
