[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: are md5sums mandatory for all packages?

[I've moved this discussion to debian-policy. Please remove the CC to
debian-private when replying.]

On Tue, 16 Dec 1997, Radu Duta wrote:

> I just ran these two commands.
> 
> # ls -al /var/lib/dpkg/info/*.md5sums | wc
>      93     837    8367
> 
> # ls -al /var/lib/dpkg/info/*.list |wc  
>     259    2331   22654
> 
> If every package had a md5sum then there should be a md5sum for
> every .list file, right?  

Right, but current policy does not require any package to include such a
file. The reason for this is (AFAIK) that the development of md5sum has
not been coordinated "officially" but has been implemented by a few
developers on their own.

However, as md5sum's in packages seem to make sense and a lot of people
are already using them, we should definitely discuss if we want to make
this policy.

Note, that we should probably also discuss a way to PGP sign packages. 

Comments?


Thanks,

Chris

--          _,,     Christian Schwarz
           / o \__   schwarz@monet.m.isar.de, schwarz@schwarz-online.com,
           !   ___;   schwarz@debian.org, schwarz@mathematik.tu-muenchen.de
           \  /        
  \\\______/  !        PGP-fp: 8F 61 EB 6D CF 23 CA D7  34 05 14 5C C8 DC 22 BA
   \          /         http://fatman.mathematik.tu-muenchen.de/~schwarz/
-.-.,---,-,-..---,-,-.,----.-.-
  "DIE ENTE BLEIBT DRAUSSEN!"
Reply to: