Re: Bug#540215: Introduce dh_checksums

To: debian-devel@lists.debian.org
Subject: Re: Bug#540215: Introduce dh_checksums
From: Harald Braumann <harry@unheit.net>
Date: Fri, 19 Mar 2010 11:30:42 +0100
Message-id: <[🔎] 20100319103042.GB1000@nn.nn>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 87wrx84pnz.fsf@frosties.localdomain>
References: <[🔎] 20100311173710.GC25679@nn.nn> <[🔎] 87aaue898o.fsf@frosties.localdomain> <[🔎] 20100312221356.GJ3902@celtic.nixsys.be> <[🔎] 87eijj7523.fsf@frosties.localdomain> <[🔎] 20100317114158.GA17583@nn.nn> <[🔎] 20100317143631.GA5556@reptile.pseudorandom.co.uk> <[🔎] 87pr32zurw.fsf@windlord.stanford.edu> <[🔎] 87iq8uf5lv.fsf@frosties.localdomain> <[🔎] 20100318113959.GC17583@nn.nn> <[🔎] 87wrx84pnz.fsf@frosties.localdomain>

On Fri, Mar 19, 2010 at 10:38:24AM +0100, Goswin von Brederlow wrote:

> You can always sign the deb. The tools to sign and verify are all
> present. Only ftp-master stands in the way of using that.

I would love signed debs. But this is orthogonal to signed checksum
files and should probably discussed separately.

> And you could automatically download the changes files along with every
> deb and keep all changes files for installed package/version
> locally. Anyway, I don't consider a ftp/http client a lot of
> infrastructure. It would be trivial to write a tool that downloads the
> changes files for every installed package and verifies it.

The central repository is the infrastracture, not the http client. 

> All changes files are already kept. And you would go directly to
> fetching the changes file for the package/version you have
> installed. All it would need is for the changes file archive to become
> public.

If the signature was part of the package, this wasn't needed.

harry

Reply to:

References:
- Re: Bug#540215: Introduce dh_checksums
  - From: Harald Braumann <harry@unheit.net>
- Re: Bug#540215: Introduce dh_checksums
  - From: Goswin von Brederlow <goswin-v-b@web.de>
- Re: Bug#540215: Introduce dh_checksums
  - From: Wouter Verhelst <wouter@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Goswin von Brederlow <goswin-v-b@web.de>
- Re: Bug#540215: Introduce dh_checksums
  - From: Harald Braumann <harry@unheit.net>
- Re: Bug#540215: Introduce dh_checksums
  - From: Simon McVittie <smcv@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Russ Allbery <rra@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Goswin von Brederlow <goswin-v-b@web.de>
- Re: Bug#540215: Introduce dh_checksums
  - From: Harald Braumann <harry@unheit.net>
- Re: Bug#540215: Introduce dh_checksums
  - From: Goswin von Brederlow <goswin-v-b@web.de>

Prev by Date: Re: Bug#540215: Introduce dh_checksums
Next by Date: Re: Bug#574569: ITP: clamz -- A command-line program to download MP3's from Amazon
Previous by thread: Re: Bug#540215: Introduce dh_checksums
Next by thread: Re: Bug#540215: Introduce dh_checksums
Index(es):
- Date
- Thread