Re: Packages for adoption
* martin f krafft <madduck@debian.org> [2008-04-27 17:24:36 CEST]:
> also sprach Gerfried Fuchs <rhonda@deb.at> [2008.04.27.1307 +0400]:
> > The sha checksums isn't checked by dpkg-source on etch and thus
> > could contain what it wants, making users believe in a false
> > safety due to that it doesn't only contain md5 sums but also sha
> > sums. I consider this a bad thing, users shouldn't be lured into
> > false (because of not-existent) safety.
>
> You know of a user who actually checks these checksums by hand???
The thing is, they *have to* check it by hand because it can't be
checked with etch tools. Or think they are in a false safety.
> Anyway, the issue is not that I am faking checksums.
And how can the user be sure of that without checking them by hand?
So long,
Rhonda
Reply to: