Bug#503722: debian-cd: Comment "workaround for bug #402482" is WRONG

["David F. Skoll" <dfs@roaringpenguin.com>]

Steve McIntyre wrote:

> Maybe I'm being dense here, but I don't think that
> m/\/.*\/(Packages|Sources)$/o is going to match a file called
> Packages.gz.

Here's the scenario:  Suppose you have the following files that
are found in the order given:

Packages.gz
Packages

Then the original code will:

1) Find Packages.gz and md5sum it into the Release file.

2) Find Packages, gzip it (overwriting and possibly *changing* Packages.gz)
  and then md5sum Packages into the Release file.

Now in Release, the md5sum for Packages.gz is wrong.  This can happen
if (for example) the original version had a different compression level.

The Perl code relied on the "fact" that "find" would always find
Packages before Packages.gz, which happens to be true a lot of the
time, depending on how the files are created and how directory entries
are allocated, but is not true all of the time.

Regards,

David.