> So I believe the above output NOT to be the result of a breach. My > question is, is it acceptable to have so many important and widely > used packages in *stable* without MD5 checksums? Hi, sarge is not stable anymore. Etch went stable as of August 15th.