
Re: bzip2 for source packages?



Hello!

In article <13626.12150.464737.43696@miles.econ.queensu.ca> you write:
>  Avery>  Could someone explain to me why it's so important to keep sources
>  Avery> "pristine" in this sense?  

>Security. Trojan horses. To be able to compare against digital footprints (eg
>md5sums) from upstream.

>  Avery> I can understand not wanting to
>  Avery> untar-retar the archive, but recompressing it?  Who does that hurt?

>The md5sum changes.

Only if you (IMHO erroneously) take the md5 of the compressed archive.
And an MD5 itself doesn't secure you from trojans, anyway. (If I can change
the MD5ed file, I can often also change the MD5.)

Regards, Felix.
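
The distinction drawn in the reply above, as an added example that is not part of the original message: the same tar payload is compressed with gzip and with bzip2, and the MD5 is taken once over the compressed bytes and once over the decompressed stream. The archive contents and the function names are constructed for illustration.

```python
import bz2
import gzip
import hashlib
import io
import tarfile


def build_tar() -> bytes:
    """Build a tiny tar archive in memory (constructed sample, not a real upstream release)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"int main(void) { return 0; }\n"
        info = tarfile.TarInfo(name="hello-1.0/main.c")
        info.size = len(data)
        info.mtime = 0  # fixed timestamp so the tar bytes are reproducible
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def md5_stream(fileobj, chunk_size: int = 65536) -> str:
    """MD5 of everything readable from fileobj, read in chunks."""
    digest = hashlib.md5()
    for block in iter(lambda: fileobj.read(chunk_size), b""):
        digest.update(block)
    return digest.hexdigest()


def compare_digests() -> dict:
    """Hash the compressed files and the decompressed payloads separately."""
    tar_bytes = build_tar()
    gz_bytes = gzip.compress(tar_bytes)   # what upstream might ship
    bz_bytes = bz2.compress(tar_bytes)    # the recompressed copy
    return {
        # Digest of the file as stored: depends on the compressor.
        "file_gz": md5_stream(io.BytesIO(gz_bytes)),
        "file_bz2": md5_stream(io.BytesIO(bz_bytes)),
        # Digest of the decompressed tar stream: independent of the compressor.
        "payload_gz": md5_stream(gzip.open(io.BytesIO(gz_bytes), "rb")),
        "payload_bz2": md5_stream(bz2.open(io.BytesIO(bz_bytes), "rb")),
        "payload_tar": md5_stream(io.BytesIO(tar_bytes)),
    }


if __name__ == "__main__":
    for name, value in compare_digests().items():
        print(f"{name:12s} {value}")
```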

