
Re: [RFC] Enhance checksum support



On Sat, 19 Jan 2008, Frank Lichtenheld wrote:
> On Fri, Jan 18, 2008 at 11:38:55PM +1000, Anthony Towns wrote:
> > It'd actually be good to be able to break Files in future, so that we're
> > forced to verify something other than md5sum. Otherwise there will
> > be code that doesn't check it properly, and that will end up being a
> > security problem.
> 
> Hmm, that might indeed be a good idea (the point to remove the Files
> field would be v3 then).

Note it also affects *.changes files.

> So maybe keep the Checksums field and introduce a Contents field that
> contains no checksums, but only the size and the name?
> 
> Checksums:
>   md5 4bf7ff17bd9ddf3846d9065b3c594fb4 foo
>   sha256 28ee6a10eb280ede4b19c1b975aff5533016a26de67ba9212d51ffaea020ce34 foo
> Contents:
>   355 foo
> Files:
>   4bf7ff17bd9ddf3846d9065b3c594fb4 355 foo
> 
> That makes the parsing more robust and eliminates the need to specify
> the size of a file more than once. 

Looks good to me. It means we have quite some duplication until we can
drop Files but it's not a big deal IMO.

> If we want we could even declare size also to be a checksum and include
> only the filenames in the Contents field.

This makes sense from the logical point of view as the size is certainly
not useful except to verify that the files are the same... on the other
hand it would need some special casing as it wouldn't be calculated by an
external program. So a slight preference to keep it in Contents for me but
I wouldn't mind if you decided the other way.

Cheers,
-- 
Raphaël Hertzog

The French best-seller updated for Debian Etch:
http://www.ouaza.com/livre/admin-debian/
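
The field layout proposed in this thread, worked through as an added example (not code from the thread's participants or from any Debian tool): it parses the Checksums/Contents/Files stanza quoted above, rejects a Files entry that disagrees with the newer fields, and refuses to accept a file on md5 alone. The function names and the "md5 is not sufficient" policy are assumptions made for illustration.

```python
import hashlib

# Stanza copied from the proposal quoted above (a proposed layout, not a released format).
SAMPLE = """\
Checksums:
  md5 4bf7ff17bd9ddf3846d9065b3c594fb4 foo
  sha256 28ee6a10eb280ede4b19c1b975aff5533016a26de67ba9212d51ffaea020ce34 foo
Contents:
  355 foo
Files:
  4bf7ff17bd9ddf3846d9065b3c594fb4 355 foo
"""

def parse_fields(text):
    """Split a stanza into {field: [tokens of each continuation line]}."""
    fields, current = {}, None
    for line in text.splitlines():
        if line[:1] in (" ", "\t"):
            if current is None:
                raise ValueError("continuation line before any field")
            fields[current].append(line.split())
        elif line.strip():
            current = line.split(":", 1)[0]
            fields[current] = []
    return fields

def build_manifest(text):
    """Return {name: {"size": int, "sums": {algo: hex}}}; reject inconsistent fields."""
    f = parse_fields(text)
    files = {name: {"size": int(size), "sums": {}} for size, name in f["Contents"]}
    for algo, digest, name in f["Checksums"]:
        files[name]["sums"][algo] = digest.lower()  # KeyError: checksum for unlisted file
    for md5, size, name in f.get("Files", []):      # legacy field is cross-checked only
        entry = files[name]
        if int(size) != entry["size"] or entry["sums"].get("md5", md5.lower()) != md5.lower():
            raise ValueError(f"Files disagrees with Checksums/Contents for {name}")
    return files

def verify(name, data, manifest, weak=("md5",)):
    """Assumed policy: size and every listed checksum match, and one non-weak checksum exists."""
    entry = manifest[name]
    if len(data) != entry["size"] or not set(entry["sums"]) - set(weak):
        return False
    return all(hashlib.new(a, data).hexdigest() == d for a, d in entry["sums"].items())
```

Because size lives only in Contents here, it is checked by the verifier itself rather than by an external checksum program, which is the special-casing the reply mentions.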

