[Morphix-devel] Morphix Repository - .deb Hash Sum mismatch

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi Alex et al,

Regarding the error seen in sid main-module autobuilds but not etch;
".deb  Hash Sum mismatch"
  http://www.morphix.org/autobuilds/mainmod/sid/morphix-gnome-2007-11-25_0416.log
  http://www.morphix.org/autobuilds/mainmod/etch/morphix-gnome-2007-11-25_0018.log

I notice that each packages in the morphix packages list are now
signed with SHA256, but the release file hs not been signed with
SHA256.
  http://www.morphix.org/debian/unstable/Packages.gz
  http://www.morphix.org/debian/unstable/Release

I think sid requires both the Package and Releases files to be signed
by sha256 now, since apt 0.7.7
http://packages.debian.org/changelogs/pool/main/a/apt/apt_0.7.9/changelog

Sorry do not have a sid machine at the moment to verify, but this is my guess.

'nextime' solved the 'Hash Sum' error for this it for his repository
by forcing to check for md5sum, which his release file was signed
against.

Regards,
Brendan