Bug#806459: warn if Release file includes only broken hashes

Hi! Is this ticket still open by mistake? The code from https://salsa.debian.org/apt-team/apt/-/commit/bd4a8f5 appears to be still present in repo (with minor changes). The detection of weak hash and one of improved warning messages can be demonstrated in apt 2.6.1 with following test scenario.

Bug#806459:

Hi, David. > There should probably be a message mentioning the issue rather than a confusing hashsum mismatch through, so I am not going to ignore the bug as such. True... considering as a distribution maintainer it took me nearly three days to figure out (the second day I decided to file a bug),

Bug#806459:

Control: severity -1 wishlist Control: retitle -1 warn if Release file includes only broken hashes On Sun, Nov 29, 2015 at 11:21:44AM -0700, Jeff Bai wrote: > Please ignore this bug! The issue can be solved with adding SHA1 and SHA256 > hash sum information to the Release file. There should proba

Bug#806459:

Please ignore this bug! The issue can be solved with adding SHA1 and SHA256 hash sum information to the Release file. We only provided MD5Sum before, and that apparently annoys Apt 1.1. Bug extra security for the users, eh? Sorry for the trouble.