Bug#849377: debsums: Replace MD5 with a more secure algorithm
Javier Serrano Polo
javier at jasp.net
Mon Dec 26 12:12:19 UTC 2016
Package: debsums
Version: 2.1.3
Severity: wishlist
Tags: security
It would be nice if debsums worked with an algorithm more secure than
MD5. This issue is tracked at
https://wiki.debian.org/Sha256sumsInPackages , but it does not seem to
be any progress. While waiting for a proper solution, could you add this
text to the package description?
"MD5 is considered weak nowadays. Do not rely on debsums to detect
malicious changes."
This concern is because it is easy to craft programs with the same MD5
hash that follow different execution paths.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3386 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20161226/f2a0d0f4/attachment.bin>
More information about the pkg-perl-maintainers
mailing list