On Thu, 2003-12-04 at 11:11, Manoj Srivastava wrote: > That is but one optimization: we already are suffering from > archive bloat, what about the disk and bandwidth cost of carrying > around the sigs? And since one rarely needs the md5sums anyway, what > is so wrong with checking against the .deb when needed? I just took an md5sum of every file on my system. Including things like /var and /home that aren't part of packages. It's 13M, uncompressed. Compressed, it's 3.5M. If we were really worried about archive size, an md5sum is 16 octets. It's hard to see that mattering to overall archive size. > > Its also a warm feeling to run debsums to see the broken memory chip > > one just replaced with a working one has not caused any bit-changes > > in the installed files. If the checksums were created at the same > > system, one has to get them from somewhere else, so there is little > > sense in having them generated at all. > > A warm fuzzy feeling, however, is to be distrusted when > dealing with security and/or system integrity checking. Have you ever met any bit changes that defeat md5? Didn't think so.
Attachment:
signature.asc
Description: This is a digitally signed message part