[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: System integrity...

On Mon, Jun 14, 1999 at 03:53:58PM +0200, Petr Cech wrote:
> On Sat, Jun 12, 1999 at 06:43:55PM +1000 , Chris Leishman wrote:
> > Hi all,
> > 
> [snip]
> > 
> > Is this possible to achieve given the existing packaging system framework?
> > Is anyone interested in this idea, or interested in taking it further?
> There was/is a discussion about including md5sums (see other followups) in
> .deb package on debian-policy.
> 				Petr Cech

Well...the discussion there is regarding 'pristine' source, and md5sums of
upstream releases (with regards to repackaging ustream source as .tar.bz2).

What we're discussing is the md5sums of the installed package contents,
with the following questions/suggestions:

1)  Is it policy that a package must contain a DEBIAN/md5sums file? 
    (not all do). Should it be?

2)  Is it possible to create an easily accessable copy of these md5sums
    on the debian servers (similar to package lists, or perhaps as a .md5sums
	 to go alongside the .deb) so that people can easily verify the integrity
	 of an installation, without relying on potentially modified local versions
	 of the md5sums (as is currently used by the debsums utility).

I'll CC this to debian-policy..


       As a computer, I find your faith in technology amusing.
Reply with subject 'request key' for PGP public key.  KeyID 0xA9E087D5

Attachment: pgpig_NLurM9R.pgp
Description: PGP signature

Reply to: