[Bug 1098738] Re: apt-get source only checks md5 hashes in Sources files
Daniel Hartwig
mandyke at gmail.com
Thu Jan 31 06:59:36 UTC 2013
> For a long time the server had no sha{1,256} information in the Source
> records. But now that it has there seems to be some issues here too,
> e.g. the quantal partner archive has:
> …
> I.e. for the .dsc file there is just a md5, not a sha available
A problem for the current patch which would miss those files.
With an API break, the parser could scan through all fields and store a
list of available hashes on each file. Similar to how
pkgRecords::Parser provides access to each available hash. Subtle
problems like this can be avoided.
> The other issue is that
> technically at this form it breaks API as there is the rename MD5Hash
> -> Hash. We could leave the misleading name I guess.
Keeping the name is not an option. The existing field contains “HASH”,
where as the proposed patch will use it for “TYPE:HASH”. An API break
may be unavoidable to /neatly/ resolve this. Perhaps the additional
type–hash pairs could be stored in an auxillery structure, to avoid an
immediate break. Existing code can still use the MD5Hash field
unchanged.
Other than these issues, it looks ok to me and works, obviously.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1098738
Title:
apt-get source only checks md5 hashes in Sources files
Status in “apt” package in Ubuntu:
In Progress
Bug description:
'apt-get source' only validates the md5 hash in the Sources file.
Ideally, it should check the sha hashes also.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1098738/+subscriptions
More information about the foundations-bugs
mailing list