[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages with incomplete .md5sum files

2013/1/15 Andreas Beckmann <debian@abeckmann.de>:
> On 2013-01-15 10:29, Julien Cristau wrote:
>> There's no requirement for md5sums files in the first place AFAIK.  How
>> are incomplete md5sums worse than no md5sums?  If anything this stuff
>> should be minor IMO.
>
> If a package is shipping no .md5sum at all, it will be created by dpkg
> at installation time.
>
> A partial .md5sum however will not be "completed". This hides some
> shipped files from debsums, defeating its purpose.
>
> I'm pretty sure modifying *any* shipped files in the maintainer scripts
> should be forbidden, although I didn't find a policy reference for this
> (this is made explicit for conffiles, what about "normal" files?).
> Packages violating this and hiding the fact by excluding the modified
> files from .md5sums ... should be fixed.

There are some cases where debsums should IMHO consider things
differently. In particular I mean those corresponding to files shipped
under "/var" with "d41d8cd98f00b204e9800998ecf8427e" md5sum (empty
files created with touch). These are clearly placeholders, being dpkg
used to remove/reset them instead of doing things from maintainer
scripts. Whether that makes sense or not depends on the package.

-- 
Agustin
Reply to: