[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: md5sums files

On Wed, Mar 03, 2010 at 05:41:26PM -0600, Peter Samuelson wrote:
> [Harald Braumann]
> > > Given a .deb, turning the data.tar.gz into foo.md5sums is a SMOP.
> > > This could be before, during, or after the deb is unpacked.
> > If you create the hashes at unpack time, you don't catch errors that
> > happen during unpack.
> You mean errors reading the data.tar.gz file?  That is what the gzip
> checksum is for, as I said later in my email.

Errors writing a file. 

If there should be support in the future for signing hash files, then
creating them would have to be done at package creation time anyway. 

Also, I think, that it is in general better to have as much complexity
as possible in the package builder and make the client tools as dumb
as possible.


Reply to: