Re: md5sums files
Peter Samuelson <email@example.com> writes:
>> Peter Samuelson <firstname.lastname@example.org> writes:
>> > Be that as it may, I don't think the md5sums file was ever intended to
>> > be an integrity check of the .deb itself. Fortunately, the .deb also
>> > includes checksums of control.tar.gz and data.tar.gz, thanks to use of
>> > the gzip container format.
> [Goswin von Brederlow]
>> That is not about the integrity of the deb. It is about the integrity of
>> the files on the system. And if you do have faulty memory (or any of the
>> other problems) then calculating the checksum locally will have a high
>> risk of calculating it from already corrupted data and miss the error.
> How many times do I have to say "the .deb also includes checksums of
> control.tar.gz and data.tar.gz, thanks to use of the gzip container
> format" before you notice?
You are still missing the point.
- You download and verify the deb with the checksum in Packages.gz.
- You unpack and some bits toggle making files corrupt.
- You generate the md5sum from corrupt data.
- Some time later you notice things don't work right that work
- You verify the file integrity and all files check out fine.
- You miss the problem.
At the point when you need to check the integrity you do not have a
control.tar.gz or data.tar.gz file. You don't have a deb. All you have
is your corrupted data.