what does this mean to the avg hacker ? do we need to fix our kit anyway ?

On 4 June 2016 at 10:50, Russel Winder <russel@winder.org.uk> wrote:
On Fri, 2016-06-03 at 16:20 -0700, Konstantin Boudnik wrote:
> +1 [binding]
>
> signature is ok
> sha1 is ok 
> rat is ok
> builds and produces functional binaries
>
> One small note: sha1 and md5 aren't considered secure, it'd make
> sense to
> switch into gpg generated checksums, perhaps. I can work on that in
> the next a
> couple of days, I guess
>

Just to back this up, Debian now effectively refuses to recognize SHA1
signatures for things. SHA256 or SHA512.

--
Russel.
=============================================================================
Dr Russel Winder      t: +44 20 7585 2200   voip: sip:russel.winder@ekiga.net
41 Buckmaster Road    m: +44 7770 465 077   xmpp: russel@winder.org.uk
London SW11 1EN, UK   w: www.russel.org.uk  skype: russel_winder