Re: md5sums files (was Re: over 30000 bugs in our archive (!))

To: Joey Hess <joey@kitenet.net>
Cc: Debian Policy <debian-policy@lists.debian.org>, Debian Development <debian-devel@lists.debian.org>
Subject: Re: md5sums files (was Re: over 30000 bugs in our archive (!))
From: Christian Schwarz <schwarz@monet.m.isar.de>
Date: Mon, 9 Feb 1998 22:13:00 +0100 (CET)
Message-id: <[🔎] Pine.LNX.3.96.980209220659.18499C-100000@monet>
In-reply-to: <19980209114725.35296@kite>

[I CC: this to debian-devel since I think this is of public intrest.
Please send any follow ups _only_ to debian-policy.]

On Mon, 9 Feb 1998, Joey Hess wrote:

> More problems I'm seeing as a view the lintian output -
> 
> The lack of an md5sums file is flagged as an error. However, I'm not aware
> of any policy that says we need one. I personally like the md5sums files,
> but I thought lintian was bound by policy, so why is it reporting this as a
> bug?

It's not. Packages which don't have an md5sums control file are ignored by
this Lintian check script.

However, if a package has a md5sums control file, lintian checks whether
this file matches the actual package contents. 

For the maintainers with md5sums-bugs: Most problems with md5sums appear
if the debian/tmp directory is touched _after_ debstd (or the
corresponding debhelper script) is run. Furthermore, there was a buggy
debstd which included the DEBIAN/ files in the md5sums files too. In this
case, you rebuild the package with the current deb-make package.

> Also, lintian files it as a bug if a conffile is not listed in the
> md5sums file. Debhelper's dh_md5sums program, which makes md5sum files,
> excludes conffiles from md5sum files on purpose, becuase that info is
> duplicated elsewhere. So every debhelper package with a conffile gets a
> linitan error message.

Good point. (The current Lintian script simply unpacks the .deb and
compares _all_ files in that directory tree against the md5sums files.
With that, conffiles are also covered.)

So the question is: should a md5sums file contain conffiles too?

> We need to get a consensus on whether
> 
> 1. md5sum files should be required by policy.
[snip]

Note, that md5sums was only introduced by deb-make some time ago and never
has been widely discussed. AFAIR, a better solution than md5sums files
would be to store more information about the unpacked files, as setuid
bits, etc.

Thanks,

Chris

--                  Christian Schwarz
                   schwarz@monet.m.isar.de, schwarz@schwarz-online.com
                  schwarz@debian.org, schwarz@mathematik.tu-muenchen.de

                PGP-fp: 8F 61 EB 6D CF 23 CA D7  34 05 14 5C C8 DC 22 BA

 CS Software goes online! Visit our new home page at
 	                                     http://www.schwarz-online.com

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Prev by Date: Re: over 30000 bugs in our archive (!)
Next by Date: Re: over 30000 bugs in our archive (!)
Previous by thread: Re: Bug#17959: pgp-i: new upstream version
Next by thread: new jove editor package
Index(es):
- Date
- Thread