[Bug 1078697] Re: Ubuntu archive is missing SHA-1/SHA-256 hashes for some packages

[William Grant]

This needs fixing in apt-ftparchive before Launchpad can do anything.

Also, MD5 collisions aren't hugely concerning here. It's a preimage that
would be more of a problem, and there's no serious preimage attack known
on MD5 today. I agree that this isn't a good situation, but it's not
"everything is broken with a few hours of computation" bad.

** Also affects: apt (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1078697

Title:
  Ubuntu archive is missing SHA-1/SHA-256 hashes for some packages

Status in Launchpad itself:
  Triaged
Status in “apt” package in Ubuntu:
  New

Bug description:
  As part of the Debian derivatives census, we are doing some checks on
  all derivatives. We noticed that a number of source packages are missing
  SHA-1/SHA-256 hashes. You may have inherited this issue from Debian, we
  had the same issue until recently. Here are some sample messages from
  the report below, which is generated daily.

  WARNING: source cvstrac 2.0.1-3: SHA-256 hashes but no hash for the dsc file
  WARNING: source cvstrac 2.0.1-3: SHA-1 hashes but no hash for the dsc file
  WARNING: source diveintopython 5.4-2ubuntu2: no SHA-256 hash
  WARNING: source diveintopython 5.4-2ubuntu2: no SHA-1 hash

  http://dex.alioth.debian.org/census/Ubuntu/check-package-list

  Please ignore the warnings about GPG and InRelease stuff, they are due
  to python-apt not supporting some things in Debian squeeze.

   affects launchpad
   subscribe ubuntu-archive

  -- 
  bye,
  pabs

  http://wiki.debian.org/PaulWise

To manage notifications about this bug go to:
https://bugs.launchpad.net/launchpad/+bug/1078697/+subscriptions