[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: md5sums files

Michael Banck <mbanck@debian.org> writes:

> On Fri, Mar 05, 2010 at 07:54:29PM +0100, Goswin von Brederlow wrote:
>> Bernd Zeimetz <bernd@bzed.de> writes:
>> > I think its about time to require to generate checksums for packages and make
>> > all packages which do not do so RC buggy.
>> If a checksum file becomes required then it really is not the job of the
>> package to build it. Instead dpkg should generate one and include it
>> automatically. 
> Following that logic, dpkg should do everything anyway (like rpm), no
> need for debhelper, dh, or anything.

That does not follow. Nobody says "you MUST use debhelper" but people in
this thread want "you MUST have a checksum file".

> I don't think that just because something is required, it should be
> necessarily part of dpkg.  So far, we are talking about a policy of
> including md5sum in our .debs, *not* about changing the .deb format to
> require md5sums (at least, as far as I can tell).

Yes we do. If not having a md5sum (or rather sha256sum) file in the
package is a policy violation of a MUST directive then the .deb format
is effectively changed.

> Once the former works out fine for squeeze, we can still think about
> doing the latter by modifying dpkg-builddeb or something, but I think
> this is premature at this point (in the release cycle).

Doing the later already solves the former without any extra work for any
(other) maintainer. Every single deb being build from then on would
instantly and automatically have the new checksum field. No need for
every maintainer for add a dh_sha256sum to debian/rules. Having every
maintainer add/change the checksum generation just so they can remove it
again in the next phase would be truely pointless. No package would
become RC buggy due to lack of generating the checksum file.


Reply to: