Re: About creating .deb packages

To: debian-mentors@lists.debian.org
Subject: Re: About creating .deb packages
From: "Bernhard R. Link" <brlink@debian.org>
Date: Wed, 12 Jan 2005 17:48:40 +0100
Message-id: <20050112164840.GA13184@mimosa.informatik.uni-freiburg.de>
Mail-followup-to: debian-mentors@lists.debian.org
In-reply-to: <20050112114507.GU13516@cirrus.madduck.net>
References: <20041230065809.74011.qmail@web53105.mail.yahoo.com> <878y7gf65z.fsf@alhambra.bioz.unibas.ch> <20041230105142.GA19931@fishbowl> <20041231115451.GA7164@mimosa.informatik.uni-freiburg.de> <20050102143157.GF16198@cirrus.madduck.net> <20050103095513.GA5108@mimosa.informatik.uni-freiburg.de> <20050112114507.GU13516@cirrus.madduck.net>

* martin f krafft <madduck@debian.org> [050112 12:45]:
> also sprach Bernhard R. Link <brlink@debian.org> [2005.01.03.1055 +0100]:
> > Are you trying to say "You even get an alarm if the malfunction has 
> > only hit metadata and no important data yet".
> 
> metadata? We are talking about MD5 sums, and yes, it does not really
> matter whether the bit flip is in the data or the hash... or can you
> tell which one actually changed?

I know _something_ has changed. Redownloading the .deb I can see which
of the both is changed. I can look what is happening. And reinstall this
package after I deaktivated dma or did whatever else to make the system
work again properly.

> > I do not know why you know what it is supposed to do. I also do not
> > care what it is supposed to do. I'm concerned what it is useful for.
> > And it is definitly useful.
> 
> An integrity checker does the job in a better way -- if used
> properly. And I would be very happy to hear of a good reason for
> debsums other than helping you figure out which files in /usr or
> /lib you modified, as the admin -- which you should not do anyway.

Again, I do not know what you consider as "job" or as "better". But
still debsums is a real, existing and easy solution to a real problem.
If I get to some machine running Debian and having problems, I can
install debsums and let it run. And in both cases of broken hardware
or some admin or program stupidly changing system files it will tell
me. Change the Debian base system to include anything you call a
"integrity checker" in an default install and I may change my opinion,
but until that debsums is integral and important part of Debian
infrastructure, and packages not shipping a .md5sums file a --
thankworthily seldom -- nuisance.

> > > If the md5sum of the DEB file validates against the Packages index,
> > > the package is valid.
> > 
> > Hurray, downloading all installed .deb's, verifying their md5sum,
> > comparing the files against installed versions is still very slow
> > on a modern computer connected with 100MBit to the local mirror
> > (containing even all obsolete and old versions of installed packages).
> > Not to mention the lack of tool to do this automatically...
> 
> I am failing to see your point.

My point is that there is no other solution to the problem. Your
suggestion seems to have been to not have .md5ums file but have alle
.deb files around, which is normally not doable.

Hochachtungsvoll,
  Bernhard R. Link

Reply to:

References:
- Re: About creating .deb packages
  - From: martin f krafft <madduck@debian.org>
- Re: About creating .deb packages
  - From: "Bernhard R. Link" <brlink@debian.org>
- Re: About creating .deb packages
  - From: martin f krafft <madduck@debian.org>

Prev by Date: Re: help in chages necessary for rules file( creating .deb packages)
Next by Date: rfc:ratpoison
Previous by thread: Re: About creating .deb packages
Next by thread: Extracting the ISO image!
Index(es):
- Date
- Thread