also sprach Gerfried Fuchs <rhonda@deb.at> [2008.04.27.1307 +0400]: > No, so that lenny versions of packages can be used on etch systems. And > yes, indeed a package doesn't only contain of the binary packages but > also the source. Yes, and lenny source packages can be used on etch without backports.org. > The sha checksums isn't checked by dpkg-source on etch and thus > could contain what it wants, making users believe in a false > safety due to that it doesn't only contain md5 sums but also sha > sums. I consider this a bad thing, users shouldn't be lured into > false (because of not-existent) safety. You know of a user who actually checks these checksums by hand??? Anyway, the issue is not that I am faking checksums. > > I mean, I see the reason, it's just that I don't want to be a > > contributing to a project with this kind of philosophy. > > You don't want to contribute to a project that does tight checking of > its contents? Then you shouldn't contribute to Debian as a whole because > there is more tight checking happening in unstable, which I expect you > to be very much aware of. Duly noted. I think you're getting ahead of yourself. -- .''`. martin f. krafft <madduck@debian.org> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systems people with narrow minds usually have broad tongues.
Attachment:
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)