On 02/18/2012 11:48 AM, Thomas Koch wrote: > What about a debhelper script that receives an URL (or set of mirror URLs) and > a SHA1 and does the download and check? If you're going this way, try to peek at the *BSD's ports systems, specifically their 'distinfo' files. SHA1 is not enough, imho. -- Kind regards, --Toni++