Re: debsums for maintainer scripts
On Thu, 04 Dec 2003 17:36:16 +0100, Thomas Viehmann <tv@beamnet.de> said:
> Manoj Srivastava wrote:
>> Before we make such a push, we should at least ensure that it is
>> something we really want to do. I think locally generated checksums
>> are a better solution.
> To me, the main use of md5sums seems to be verifying nothing bad (as
> in accident, not malicious manipulation) happened to the extracted
> files. md5sums included in the packages do that even earlier than
> those generated.
Earlier than what? You already can check the integrity of the
.deb you are installing; don't install corrupted .debs. Now
admittedly there is a window where files can be corrupted between
unpacking and creating the checksums, in which case just run the ar
.. tar -d incantation posted earlier to check the on disk file
_after_ generating the checksum to make sure that that little window
is also closed.
manoj
--
"All my life I wanted to be someone; I guess I should have been more
specific." Jane Wagner
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: