Comment 9 for bug 1933966

looking at minimal streams, I don't see that CPC has ever published md5 sums. I didn't check every single entry, but sampling the oldest entries for all suites, and newest entries, none have md5. Digging into the code generating streams, I only see calls for generating sha256.

So I'm wondering if something changed in the testing that now specifically demands md5 to be in in the streams. I don't see a change to simplestreams, so the validation has been there for a while. Considering the wide-ranged deprecation of md5, it's probably worth looking at the simplestreams code and updating it to check for md5 and/or sha256

We provide sha256 checksums for all images.