[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages for adoption

* martin f krafft <madduck@debian.org> [2008-05-01 22:23:34 CEST]:
> also sprach Gerfried Fuchs <rhonda@deb.at> [2008.05.01.1845 +0100]:
> >  The thing is, they *have to* check it by hand because it can't be
> >  checked with etch tools. Or think they are in a false safety.
> Why not? Maybe I am doing something magic I forgot, but my .dsc
> files have the "Files" section, which the etch tools use.

 Yes. But the etch tools don't check anything else.
 Given that md5sum faking is pretty easy these days and that users
are either are not aware that the Checksum-Sha* is checked (and seem to
think they are safe) or otherwise they have to (repeating myself) check
them by hand on themself which is pretty annoying and unconvenient, I
don't think this is a good idea. This is both a disservice to the
uninformed as also to those that want to be safe.

 So long,
Rhonda [who won't repeat herself again in this thread]

Reply to: