-apt (1.3~pre3+cmake1) experimental; urgency=medium
-
- Early version of CMake based build system. Translations for the dselect
- method and docbook guides are missing, just as the text docbook guides.
-
- This is mainly intended for checking building, reproducibility, and
- cross-compiling.
-
- This is also the first release since 1999 that re-enabled a thread-local
- _error. It was disabled by jgg back then due to glibc issues, but I really
- hope those are fixed now.
-
- -- Julian Andres Klode <jak@debian.org> Sat, 06 Aug 2016 21:56:19 +0200
+apt (1.4~beta1) unstable; urgency=medium
+
+ Support for GPG signatures using the SHA1 or RIPE-MD/160 hash
+ algorithms has been disabled. Repositories using Release files
+ signed in such a way will stop working. This change has been made
+ due to security considerations, especially with regards to possible
+ further breakthroughs in SHA1 breaking during the lifetime
+ of this APT release series.
+
+ It is possible (but STRONGLY ADVISED AGAINST) to revert to the previous
+ behaviour by setting the options
+ APT::Hashes::SHA1::Weak "yes";
+ APT::Hashes::RIPE-MD/160::Weak "yes";
+ Note that setting these options only affects the verification of the overall
+ repository signature.
+
+ -- Julian Andres Klode <jak@debian.org> Fri, 25 Nov 2016 13:19:32 +0100
apt (1.2~exp1) experimental; urgency=medium
projects / apt.git / blobdiff