[Bug 1078697] Re: Ubuntu archive is missing SHA-1/SHA-256 hashes for some packages

[David Kalnischkies]

If you wait a bit longer the fix for apt-ftparchive is 3 years old: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567343
That is rev 1875.1.95 in bzr and what pabs refers to as until recently (minus the time needed to get this onto ftp-master box of course) as far as I know.

And of course @mdeslaur, apt-get source does more than just checking
MD5. It does what it does for all other downloads as well: Take the
"best" checksum it knows and is available for checking if it isn't
forced to use another (Acquire::ForceHash). What it does do with MD5
only is checking if the file on the disc matches the file we would
download and if it does skipping the download as already done, which
should be fixed (so that we can drop MD5 at some point) but has no real
security implications as someone with write access to your local disk in
that directory has better things to do …

** Bug watch added: Debian Bug tracker #567343
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567343

-- 
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1078697

Title:
  Ubuntu archive is missing SHA-1/SHA-256 hashes for some packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/launchpad/+bug/1078697/+subscriptions