Re: Packages for adoption

To: backports-users@lists.backports.org
Subject: Re: Packages for adoption
From: Gerfried Fuchs <rhonda@deb.at>
Date: Thu, 1 May 2008 19:45:11 +0200
Message-id: <[🔎] 20080501174511.GA1019@asteria.debian.or.at>
Mail-followup-to: backports-users@lists.backports.org
In-reply-to: <20080427152436.GA20582@lapse.madduck.net>
References: <20080426221542.GF8764@apu.snow-crash.org> <20080427052500.GA7327@lapse.madduck.net> <20080427075920.GA11115@asteria.debian.or.at> <20080427084837.GA13959@lapse.madduck.net> <20080427090748.GA28690@asteria.debian.or.at> <20080427152436.GA20582@lapse.madduck.net>

* martin f krafft <madduck@debian.org> [2008-04-27 17:24:36 CEST]:
> also sprach Gerfried Fuchs <rhonda@deb.at> [2008.04.27.1307 +0400]:
> > The sha checksums isn't checked by dpkg-source on etch and thus
> > could contain what it wants, making users believe in a false
> > safety due to that it doesn't only contain md5 sums but also sha
> > sums. I consider this a bad thing, users shouldn't be lured into
> > false (because of not-existent) safety.
> 
> You know of a user who actually checks these checksums by hand???

 The thing is, they *have to* check it by hand because it can't be
checked with etch tools. Or think they are in a false safety.

> Anyway, the issue is not that I am faking checksums.

 And how can the user be sure of that without checking them by hand?

 So long,
Rhonda

Reply to:

Follow-Ups:
- Re: Packages for adoption
  - From: martin f krafft <madduck@debian.org>
- Re: Packages for adoption
  - From: Micha Lenk <micha@lenk.info>

Next by Date: Re: Packages for adoption
Next by thread: Re: Packages for adoption
Index(es):
- Date
- Thread