[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#540215: Introduce dh_checksums

On Thu, 15 Apr 2010, Goswin von Brederlow wrote:
> > My only wish at this point is to avoid exploding the number of
> > small administrative files in /var/lib/dpkg/info/ due to this new feature.
> 
> The introduction of multiarch will need to change the way metadata is
> stored there. Since some change is needed anyway it might be a good time
> to adapt to the increase in files stored there and use some subdirs.
> Maybe even have one dir per package.

My concern is not about the number of files per directory, my concern is
the overall number of files eating 4 Kb of filesystem space for
a few hundreds of bytes each in reality. 

> > The biggest downside in your approach is that it's somewhat painful to
> > ensure that all the content of the package is signed. If the checksums
> > files is incomplete, what is supposed to happen? Is that something that
> > dpkg should take care of or should that be outside the scope of dpkg?
> 
> Yes, dpkg should create the checksum file.

Even if it creates a checksum file, someone could always hand-edit the
package to add files not listed in the checksum files and we need to
decide whether that's something that needs to be catched and if yes by
whom and at what point.

Cheers,
-- 
Raphaël Hertzog

Like what I do? Sponsor me: http://ouaza.com/wp/2010/01/05/5-years-of-freexian/
My Debian goals: http://ouaza.com/wp/2010/01/09/debian-related-goals-for-2010/
Reply to: