[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: proposed release goal: DEBIAN/md5sums for all packages

[ fully quoting my original request, for the sake of context
  preservation ]

On Fri, Aug 17, 2007 at 09:04:13AM +0200, Luk Claes wrote:
> Stefano Zacchiroli wrote:
>> [ Assuming is not too late to propose release goals of course ]
>> Hi, a long time ago we were wondering to have DEBIAN/md5sums generated
>> for all packages in the archive ... and we are still wondering!
>> Can we make it a release goal for lenny?
>> Cheers
>> PS thanks to Romain Francoise which reminded me of this with his blog
>> entry
>> (http://blog.orebokech.com/2007/08/debian-packages-without-md5sums.html)
> With more than 600 issues, it's a bit early to make it a release goal IMHO. 
> Though making maintainers aware by upgrading the lintian check to a warning 
> and discussion on debian-devel about which exceptions are warranted (and 
> possible mass bug filing) will probably be a good idea to get the amount 
> reduced rather fast...

Ok, moving the discussion to -devel then. Please reply there, people.

In an attempt to prevent drift to a well-known counter argument:
DEBIAN/md5sums (used by debsums) are *not* intended as a mean to counter
security attacks, since they can be easily altered.  Rather, they are
useful as a general mechanism to check if something got corrupted due to
hardware/software failures and can be used to spot which packages need
to be reinstalled.


Stefano Zacchiroli -*- PhD in Computer Science ............... now what?
zack@{cs.unibo.it,debian.org,bononia.it} -%- http://www.bononia.it/zack/
(15:56:48)  Zack: e la demo dema ?    /\    All one has to do is hit the
(15:57:15)  Bac: no, la demo scema    \/    right keys at the right time

Attachment: signature.asc
Description: Digital signature

Reply to: