[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages for adoption

also sprach Gerfried Fuchs <rhonda@deb.at> [2008.04.27.1307 +0400]:
>  No, so that lenny versions of packages can be used on etch systems. And
> yes, indeed a package doesn't only contain of the binary packages but
> also the source.

Yes, and lenny source packages can be used on etch without

> The sha checksums isn't checked by dpkg-source on etch and thus
> could contain what it wants, making users believe in a false
> safety due to that it doesn't only contain md5 sums but also sha
> sums. I consider this a bad thing, users shouldn't be lured into
> false (because of not-existent) safety.

You know of a user who actually checks these checksums by hand???
Anyway, the issue is not that I am faking checksums.

> > I mean, I see the reason, it's just that I don't want to be a
> > contributing to a project with this kind of philosophy.
>  You don't want to contribute to a project that does tight checking of
> its contents? Then you shouldn't contribute to Debian as a whole because
> there is more tight checking happening in unstable, which I expect you
> to be very much aware of.

Duly noted. I think you're getting ahead of yourself.

 .''`.   martin f. krafft <madduck@debian.org>
: :'  :  proud Debian developer, author, administrator, and user
`. `'`   http://people.debian.org/~madduck - http://debiansystem.info
  `-  Debian - when you have better things to do than fixing systems
people with narrow minds usually have broad tongues.

Attachment: digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)

Reply to: