Re: md5sums files
Don Armstrong <firstname.lastname@example.org> writes:
> On Wed, 03 Mar 2010, Wouter Verhelst wrote:
>> In this day and age of completely and utterly broken MD5, I think we
>> should stop providing these files, and maybe provide something else
>> instead. Like, I dunno, shasums? Or perhaps gpgsigs? But stop
>> providing md5sums.
> Is there any reason why we can't just modify dpkg-deb to create
> DEBIAN/md5sums and DEBIAN/sha512sums and get archive coverage relatively
> quickly, automatically, as things get rebuilt?
Figuring out a better solution for why the files in /var/lib/ispell and
/var/lib/aspell are excluded from the md5sums generation because they
change after installation is probably needed if we're going to remove
creation of those files from control of the packager.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>