[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages with incomplete .md5sum files

On 2013-01-15 10:29, Julien Cristau wrote:
> There's no requirement for md5sums files in the first place AFAIK.  How
> are incomplete md5sums worse than no md5sums?  If anything this stuff
> should be minor IMO.

If a package is shipping no .md5sum at all, it will be created by dpkg
at installation time.

A partial .md5sum however will not be "completed". This hides some
shipped files from debsums, defeating its purpose.

I'm pretty sure modifying *any* shipped files in the maintainer scripts
should be forbidden, although I didn't find a policy reference for this
(this is made explicit for conffiles, what about "normal" files?).
Packages violating this and hiding the fact by excluding the modified
files from .md5sums ... should be fixed.


Reply to: