Bug#164889: md5sum <FILE produces spurious ` -' in output
I would like to refer bugs #164591 and #164889 (these are merged, and
I'm the submitter of the latter) to the committee. Below you'll find
my summary of the issue. (In the summary, `you' refers to the package
maintainer.)
I sent Adam (via the BTS) this summary on the 25th of October, and
asked Adam to comment on it, and chased that up with another mail on
the 30th of October, but he has not responded to the summary. Indeed,
he has made nearly no substantive response to my points and been, in
my view, very unhelpful. See the BTS logs for details.
I would like the committee to overrule the maintainer. In just a
moment I'm going to reopen the bug and reassign it to the committee.
* The question is, what should md5sum < filename do ?
Using /dev/null as an example, the two behaviours are:
Bare: -davenant:~> md5sum </dev/null
d41d8cd98f00b204e9800998ecf8427e
-davenant:~>
Annotated: -anarres:~> md5sum </dev/null
d41d8cd98f00b204e9800998ecf8427e -
-anarres:~>
* Historical context:
Debian has used an md5sum in the dpkg package. This md5sum came
originally from PGP2.x (circa 1992/1993), and was originally
written by Colin Plumb. It produced the bare checksum.
Some time in the last few years, GNU textutils gained a version of
md5sum. This md5sum has slightly different behaviours - it
interprets unexpected input slightly differently for md5sum -c, and
it also produces the annotated output in the case at issue.
As I recall (but I could be wrong) the dpkg md5sum was, when
textutils gained its own md5sum, briefly retired in favour of the
textutils one. However, the dpkg one was quickly restored, mainly
because of the behavioural differences, including the annotation
when taking input from stdin.
Most recently, a version of dpkg has been uploaded whose md5sum has
been modified to produce the annotated output.
* You claim that the annotated behaviour is superior.
You are concerned with compatibility with the textutils md5sum, and
contend that this is more important than the benefits I cite below.
* I claim that the annotated behaviour is inferior, for two reasons:
Firstly, it is less convenient. When md5sum is used in scripts and
the like, it is significantly eaiser to use if it doesn't annotate
the output, but just produces the bare checksum (in hex, with a
trailing newline, of course). While the advantage for any
individual caller is small, the extra complexity and risk of bugs
is avoidable, and of course there are many callers of md5sum so the
pain is multiplied.
Secondly, it is not compatible with existing programs. Programs
have been using and relying on the historical behaviour for some
time, and breaking them is a bad idea.
I contend that the textutils md5sum should be changed to match the
PGP2 md5sum (although that's not really a question for Debian).
Thanks,
Ian.
Reply to: