[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: About creating .deb packages

* martin f krafft <madduck@debian.org> [050102 15:32]:
> also sprach Bernhard R. Link <blink@informatik.uni-freiburg.de> [2004.12.31.1254 +0100]:
> > When they are generated at install time, there could be bit-switchers
> > arising between unpacking them and calculating their checksums. Also
> > the md5sum files would no longer have a canonical look.[1]
> 
> There could be a bit flip in the distributed md5sums, causing
> a false alarm. 

Are you trying to say "You even get an alarm if the malfunction has 
only hit metadata and no important data yet".
If you want to call this a false alarm, feel free to do so. I won't.

> md5sums is not supposed to guard against broken
> hardware, the only cause I see for such bitflips.

I do not know why you know what it is supposed to do. I also do not
care what it is supposed to do. I'm concerned what it is useful for.
And it is definitly useful.

> If the md5sum of the DEB file validates against the Packages index,
> the package is valid.

Hurray, downloading all installed .deb's, verifying their md5sum,
comparing the files against installed versions is still very slow
on a modern computer connected with 100MBit to the local mirror
(containing even all obsolete and old versions of installed packages).
Not to mention the lack of tool to do this automatically...

Hochachtungsvoll,
  Bernhard R. Link
Reply to: