diff options
author | David Kalnischkies <david@kalnischkies.de> | 2016-03-14 01:09:32 +0100 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2016-03-14 11:47:19 +0100 |
commit | 4a808deaac462e7714a345dac676c6da294a2ee0 (patch) | |
tree | 56e3034fb37b1339ed0dc946de08448470f707e0 /apt-pkg/acquire.cc | |
parent | 8d0d92558c00d1825e413ce67be51a46a5c18aea (diff) |
require $(HASH)-Download field in .diff/Index files
Now that we ignore SHA1-only files it makes sense to require also the
provision of hashes for the compressed patches as this was introduced in
the same patchset as support for non-SHA1 hashes in the file itself in
dak and adding support in other archive creators (if they support pdiffs
at all) will likely be in the same batch.
The reason for the change itself is simple: If you are 'scared' enough
about the security of SHA1, you shouldn't uncompress a file you haven't
verified at all – after all, it could be exploiting a bug or a zip bomb.
Diffstat (limited to 'apt-pkg/acquire.cc')
0 files changed, 0 insertions, 0 deletions