[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: md5sums files

Michael Banck <mbanck@debian.org> writes:

> On Sun, Mar 07, 2010 at 01:25:44AM +0100, Goswin von Brederlow wrote:
>> > I don't think that just because something is required, it should be
>> > necessarily part of dpkg.  So far, we are talking about a policy of
>> > including md5sum in our .debs, *not* about changing the .deb format to
>> > require md5sums (at least, as far as I can tell).
>> Yes we do. If not having a md5sum (or rather sha256sum) file in the
>> package is a policy violation of a MUST directive then the .deb format
>> is effectively changed.
> No, it is not.  Debian is not only consumer of the .deb format these
> days.
> Michael

Then they don't have to include the changes to dpkg that generate the
checksum file if they really don't want it. They will have deb files
then but they won't be Debian policy conformant. Note that nobody says
dpkg should refuse to install debs without md5sum files. That would be

You are actualy making an argument FOR changing dpkg. Because with dpkg
changed 3rd party debs will automatically get checksum files as well
when they update their dpkg without them having to alter their
source. The possibility of them specifically excluding the change out of
dpkg is way less than the likelyhood of them not caring enough to change
their rules file.


Reply to: