Hi Rhonda, Gerfried Fuchs wrote: > * martin f krafft <madduck@debian.org> [2008-05-01 22:23:34 CEST]: >> also sprach Gerfried Fuchs <rhonda@deb.at> [2008.05.01.1845 +0100]: >>> The thing is, they *have to* check it by hand because it can't be >>> checked with etch tools. Or think they are in a false safety. >> Why not? Maybe I am doing something magic I forgot, but my .dsc >> files have the "Files" section, which the etch tools use. > > Yes. But the etch tools don't check anything else. I still don't get your point then. Apparently you insist in Checksums-Sha1 and Checksums-Sha256 headers being absent. So, the users using plain etch-built packages (without these headers) would have even worse possibilities to verify the affected files than with these headers being present. This sounds to be an even worse disservice than having the additional headers without a tool verifying them automatically. Or did I get something wrong? Regards Micha
Attachment:
signature.asc
Description: OpenPGP digital signature