Re: Bug#39299: PROPOSAL] permit/require use of bz2 for source packages
Hi,
>>"Marcus" == Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de> writes:
Marcus> On Thu, Jun 10, 1999 at 11:13:23PM -0500, Manoj Srivastava wrote:
>>
Marcus> That's not 100% sane. Any upstream author who cares should at
Marcus> least provide an additional md5sum for the uncompressed tar
Marcus> file. (For example, it happens that netscape decompresses a
Marcus> *.gz file you d/l.)
Well, we are, then, living in a world that is not sane at
all. All the examples of cryptologically signed sources I can
find are signatures of the archive files (linux kernels, too, are not
quite sane by your definition)
Marcus> Ideally, you would provide md5sums for each file in the
Marcus> archive.
Probably overkill.
Marcus> I think everyone can agree on the compromise to provide
Marcus> bz2/gz sources as equal alternatives, can't we?
You mean when upstream is in bz2, right? In that case, we can
agree.
manoj
--
There are only two kinds of tequila. Good and better.
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
Reply to: