[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Package Verification

>> I'd like to suggest another field to be automatically added to the
>> "Packages" files that exist at the top of each hierarchy in the
>> distribution.  I'd like to see a "Checksum:" field that can be used to
>> verify the correct download of these packages.  I think including both
>> an 'md5sum' and a (filesize) would be best as the file size would
>> allow a reasonable check on non-Debian systems and the 'md5sum' would
>> allow absolute verification before installation.
>> Example:
>> checksum: d14d384e0895986bc9f2b09f0a8b84fc (295393)
>> The reason for this is so programs like 'dftp' can verify that they
>> retrieved the packages correctly before attempting to install them.
>Eventually dpkg will have its own support for package verification.
>Also, the format you propose can't be used as input to `md5sum -c'.

This is fine, but it doesn't help with verifying packages on
non-Debian systems as is required by people who must do an actual FTP
from another machine.  As for the format, feel free to alter it.  I
figured I would be parsing this line out of the Packages file, anyway.
As long as it has file size, there is at least some sort of
verification that can be done regardless of the machine being used.

                                 ( bcwhite@bnr.ca )

    In theory, theory and practice are the same.  In practice, they're not.

Reply to: