[Bug 1098738] Re: apt-get source only checks md5 hashes in Sources files
David Kalnischkies
1098738 at bugs.launchpad.net
Sat Jan 12 12:37:25 UTC 2013
(I should have read all mails before answering some)
Setting to incomplete as I have no idea where you get that idea from.
Can you please elaborate?
For history proposes, copy from https://bugs.launchpad.net/launchpad/+bug/1078697/comments/15:
"And of course @mdeslaur, apt-get source does more than just checking MD5. It does what it does for all other downloads as well: Take the "best" checksum it knows and is available for checking if it isn't forced to use another (Acquire::ForceHash). What it does do with MD5 only is checking if the file on the disc matches the file we would download and if it does skipping the download as already done, which should be fixed (so that we can drop MD5 at some point) but has no real security implications as someone with write access to your local disk in that directory has better things to do …"
** Changed in: apt (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1098738
Title:
apt-get source only checks md5 hashes in Sources files
Status in “apt” package in Ubuntu:
Incomplete
Bug description:
'apt-get source' only validates the md5 hash in the Sources file.
Ideally, it should check the sha hashes also.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1098738/+subscriptions
More information about the foundations-bugs
mailing list