Archive garbage-collection relies on MD5 checksums
Bug #2038345 reported by
Dimitri John Ledkov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Fix Released
|
High
|
Colin Watson |
Bug Description
archivepublisher improvements
I was looking to remove md5 usage in launchpad archivepublisher.
I have noticed that md5 sum is possibly being used to decide whether to remove files or not.
I'm not sure if that is harmless or security sensitive.
Nowadays with accelerated sha256 widely available there are no reasons to use md5 hash here.
Hence proposing to replace md5 usage in canRemove() with sha256.
I have shared access to private (just in case) repository with this patch to launchpad & canonical-security teams at:
Or git clone lp:~xnox/launchpad/+git/launchpad-private -b deathrow-patch
tags: | added: patch |
To post a comment you must log in.
Can you please make a merge proposal? We don't normally review isolated commits, since that means we can't use our normal commenting tools.