Control: severity 887831 grave On 2019-10-22 12:39:47, Daniel Kahn Gillmor wrote: > I would even posit that temporarily breaking jigdo would be better than > keeping this additional bandwidth cost in play.
Yes. In fact, right now, I can't think of any use case for Jigdo. It's been totally superseded by bittorrent, which is standardized, widely available and much more popular, with multiple client implementations. Fedora stopped shipping their releases with Jigdo in 2011, according to wikipedia: https://en.wikipedia.org/wiki/Jigdo WP also says development has stopped since 2006. On 2019-10-22 19:15:51, Thomas Schmitt wrote: > To my knowledge, jigdo is the only way to get full DVD sets or any BD sized > installation ISO from > https://cdimage.debian.org/cdimage/release/current/amd64/ > > bt-* seems t have what iso-* has. Biggest is the 5.3 GB > debian-edu-10.1.0-amd64-BD-1.iso which would fit on a DVD+R DL, too. > Only the first three DVDs are offered by iso-* and bt-*. If the ISO image generation is broken, it should be fixed. I don't see why we should depend on jigdo for anything anymore. In the meantime, I think it's perfectly acceptable to remove MD5sums from the archive, at the cost of breaking jigdo. Or, to put it another way, it's completely unacceptable that jigdo uses MD5 to authenticate checksums, and if it keeps doing so, we shouldn't ship Debian with it. That is a release-critical bug, severity "grave" with justification "introduces a security hole allowing access to the accounts of users who use the package". A. -- Gods don't like people not doing much work. People who aren't busy all the time might start to think. - Terry Pratchett, Small Gods
signature.asc
Description: PGP signature
