Re: Bug#93612: Support for new archive structure
IMHO is would be easier to include a signed version of md5sums.gz on each
CD. This would still mean the the integrity of the packages could be
checked with confidence and would enable the detection of foreign
packages.
Someone might want to write a script that would automate the process.
Phil.
On Wed, 11 Apr 2001, Raphael Hertzog wrote:
*****
> This is a problem. I *really* don't like having Packages and Sources files
> mentionning files that are not available. It goes against some principles
> I always tried to follow. debian-cd has been written in order to be able
> to generate CD which contains subset of Debian and I don't want to have to
> put the complete Packages file for each CD set we'll create with
> debian-cd.
>
> An acceptable alternative would be to provide Packages.signed and
> Sources.signed that could be checked against Release.gpg and a check for
> a package "validity" would be to compare if the 2 or 3 informations do match
> (Packages, Packages.signed and the package itself).
>
*****
> Unfortunately debian-cd is a bit more complicated. :)
>
> I'm not sure that this is really the way to go. apt-cdrom has been
> designed to be able to use different CDs from different CD set, it will
> build a list of the files mentionned on each CD, so it's a big win that
> each CD only mentions what it does really have !
>
****
-
Philip Charles; 39a Paterson St., Dunedin, New Zealand; +64 3 4882818
Mobile 025 267 9420. I sell GNU/Linux CDs. See http://www.copyleft.co.nz
philipc@copyleft.co.nz - preferred. philipc@debian.org
Reply to: