Re: md5sums files
On Wed, Mar 03, 2010 at 05:41:26PM -0600, Peter Samuelson wrote:
> [Harald Braumann]
> > > Given a .deb, turning the data.tar.gz into foo.md5sums is a SMOP.
> > > This could be before, during, or after the deb is unpacked.
> > If you create the hashes at unpack time, you don't catch errors that
> > happen during unpack.
> You mean errors reading the data.tar.gz file? That is what the gzip
> checksum is for, as I said later in my email.
Errors writing a file.
If there should be support in the future for signing hash files, then
creating them would have to be done at package creation time anyway.
Also, I think, that it is in general better to have as much complexity
as possible in the package builder and make the client tools as dumb