[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: About creating .deb packages



also sprach Bernhard R. Link <brlink@debian.org> [2005.01.03.1055 +0100]:
> Are you trying to say "You even get an alarm if the malfunction has 
> only hit metadata and no important data yet".

metadata? We are talking about MD5 sums, and yes, it does not really
matter whether the bit flip is in the data or the hash... or can you
tell which one actually changed?

> > md5sums is not supposed to guard against broken
> > hardware, the only cause I see for such bitflips.
> 
> I do not know why you know what it is supposed to do. I also do not
> care what it is supposed to do. I'm concerned what it is useful for.
> And it is definitly useful.

An integrity checker does the job in a better way -- if used
properly. And I would be very happy to hear of a good reason for
debsums other than helping you figure out which files in /usr or
/lib you modified, as the admin -- which you should not do anyway.

> > If the md5sum of the DEB file validates against the Packages index,
> > the package is valid.
> 
> Hurray, downloading all installed .deb's, verifying their md5sum,
> comparing the files against installed versions is still very slow
> on a modern computer connected with 100MBit to the local mirror
> (containing even all obsolete and old versions of installed packages).
> Not to mention the lack of tool to do this automatically...

I am failing to see your point.

-- 
Please do not send copies of list mail to me; I read the list!
 
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!

Attachment: signature.asc
Description: Digital signature


Reply to: