Re: are md5sums mandatory for all packages?

[James Troup <J.J.Troup@scm.brad.ac.uk>]

Milan Zamazal <pdm@informatics.muni.cz> writes:

> > I still fail to see any advantages in what even you admit is a
> > half baked security solution. There is a better, more secure, real
> > solution in terms of tripwire.
> 
> But we have none -- tripwire is non-free software.

When has that ever stopped Debian?  We use a non-free MTA on for
handling our mail, we insist on our packages' .dsc and .changes files
being signed by the non-free PGP and we encourage people to connect to
master and va with the non-free ssh.  "do what I say, not what I do"

-- 
James