Re: md5sum proposal
On Tue, May 25, 1999 at 04:42:13PM -0500, Manoj Srivastava wrote:
> Putting things in the packaging system so that we can be sure
> they have it in the system is really silly, seeing that we have this
> marvelous dependency mechanism.
Maybe, maybe not. How would it work as a dependency? Would it be
installed at the time of the initial debian installation? Then how does
it get updated when new packages are installed? If it updates
automatically, how do you keep it from updating the signatures of files
that were corrupted? If it doesn't update automatically, do we prompt
the user after every install? I guess one approach would be to update
any files that are in a newly installed package, but I think that would
still take some integration with the packaging system.
> (Do you know what it means when a package is deemed Essential?)
Were you being condescending or did this come across badly?
[snip]
> If you want this to be on the system by default, make
> the security package essential (I would object to that, though). This
> is really a very poor argument for including stuff in the packaging
> system when it does not belong there.
I would never advocate this on security grounds; I think it's a good way
to tell if a user accidently screwed something up, but I don't think
trying to automate a security checksum is a good idea. (The removable
media issue isn't something I'd want to get into for a default install.)
Mike Stone
Reply to: