summaryrefslogtreecommitdiff
path: root/apt-pkg/acquire.cc
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2016-03-14 01:09:32 +0100
committerDavid Kalnischkies <david@kalnischkies.de>2016-03-14 11:47:19 +0100
commit4a808deaac462e7714a345dac676c6da294a2ee0 (patch)
tree56e3034fb37b1339ed0dc946de08448470f707e0 /apt-pkg/acquire.cc
parent8d0d92558c00d1825e413ce67be51a46a5c18aea (diff)
require $(HASH)-Download field in .diff/Index files
Now that we ignore SHA1-only files it makes sense to require also the provision of hashes for the compressed patches as this was introduced in the same patchset as support for non-SHA1 hashes in the file itself in dak and adding support in other archive creators (if they support pdiffs at all) will likely be in the same batch. The reason for the change itself is simple: If you are 'scared' enough about the security of SHA1, you shouldn't uncompress a file you haven't verified at all – after all, it could be exploiting a bug or a zip bomb.
Diffstat (limited to 'apt-pkg/acquire.cc')
0 files changed, 0 insertions, 0 deletions