Re: md5sums files

To: debian-devel@lists.debian.org
Subject: Re: md5sums files
From: Peter Samuelson <peter@p12n.org>
Date: Fri, 5 Mar 2010 14:10:42 -0600
Message-id: <[🔎] 20100305201042.GL18278@p12n.org>
In-reply-to: <[🔎] 871vfyziay.fsf@frosties.localdomain>
References: <[🔎] 20100303020620.GA17083@celtic.nixsys.be> <[🔎] 20100303160510.GF18278@p12n.org> <[🔎] 20100303191810.GE13644@radis.liafa.jussieu.fr> <[🔎] 871vfyziay.fsf@frosties.localdomain>

> > On Wed, Mar  3, 2010 at 10:05:11 -0600, Peter Samuelson wrote:
> >> fundamentally, shipping a md5sums file is really just a tradeoff in
> >> download size vs. installation speed, not unlike gzip vs. bzip2.  One

> Julien Cristau <jcristau@debian.org> writes:
> > Only if you assume that disks never fail and thus files never get
> > corrupted when the package gets unpacked.

[Goswin von Brederlow]
> Or the memory, the cpu, the pci bus, the ide bus, ... have a bit
> toggler. There are many ways file can be corrupted between being
> downloaded (where apt checks them) and them being unpacked and
> checksumed locally.

Be that as it may, I don't think the md5sums file was ever intended to
be an integrity check of the .deb itself.  Fortunately, the .deb also
includes checksums of control.tar.gz and data.tar.gz, thanks to use of
the gzip container format.
-- 
Peter Samuelson | org-tld!p12n!peter | http://p12n.org/

Reply to:

Follow-Ups:
- Re: md5sums files
  - From: Goswin von Brederlow <goswin-v-b@web.de>

References:
- md5sums files
  - From: Wouter Verhelst <wouter@debian.org>
- Re: md5sums files
  - From: Peter Samuelson <peter@p12n.org>
- Re: md5sums files
  - From: Julien Cristau <jcristau@debian.org>
- Re: md5sums files
  - From: Goswin von Brederlow <goswin-v-b@web.de>

Prev by Date: Re: md5sums files
Next by Date: Re: Removing the manpage requirement for GUI programs?
Previous by thread: Re: md5sums files
Next by thread: Re: md5sums files
Index(es):
- Date
- Thread