[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debsums for maintainer scripts

Manoj Srivastava <srivasta@debian.org> writes:

> On Mon, 1 Dec 2003 17:12:36 -0500, christophe barbe <christophe@cattlegrid.net> said: 
> > I don't see why adding a md5dsum_are_mandatory clause to the debian
> > policy would be difficult (what would be a good reason to not add
> > md5sum to a package?).

Because without preventing tampering (even accidental) of the md5sums
file its quite useless. Making a md5sums file signature mandatory
would gain you something and takes way less space.

> 	Because it buys little security wise? Because there are
>  solutions one can put in place today that offer better coverage than
>  in package md5sums?


Reply to: