RE: New field proposed, UUID
> -----Original Message-----
> From: Sean 'Shaleh' Perry [mailto:shaleh@valinux.com]
> > Your UUID is the pkg+version+arch. From my viewpoint it's as simple as
> > that. Maybe the official policy needs to be updated so that it is clear
> > that any change to the binary packages, including just compile time changes,
> > requires a version update? That way you could change your "sigs" as often
> > as you'd like but you would know that a particular build was a particular
> > build.
>
> Ben neglected to talk about the signing policy ....
>
> You compile your package and upload it (signed by you) to unstable. 6 months
> later, when we are ready to release, the Release Manager has a Release Key and
> the packages themselves are signed by this key. Using md5sums fails here
> because the contents of the deb have changed (the sig was added). The version
> number should not be bumped because there is no packaging change.

Sorry, I'm not a Debian developer so honestly don't know all the policies or
processes behind making debs. But, it seems clear to me that if you use the
pkg+version+arch as your UUID then a change in the md5sum caused by adding a
signature would not affect the "UUID" and therefore be moot. When I say any
change in the "binary package" I mean any change in the binary files that
get installed when the package is installed. I'm not talking about a change
in the deb file itself.
Or am I totally confused?
Fred Reimer
Eclipsys Corporation
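
Added example, not part of the original message or of any Debian tool: a sketch of the point under discussion, that adding a signature member to a .deb changes the md5sum of the file while the pkg+version+arch identity and the installed payload stay the same. The package fields, the payload bytes, the uncompressed `control.tar`/`data.tar` layout and the member name `_relsig` are assumptions constructed for illustration.

```python
import hashlib, io, tarfile

def ar_member(name: str, data: bytes) -> bytes:
    """One ar entry: 60-byte header, data, pad to an even offset."""
    hdr = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n"
    return hdr.encode() + data + (b"\n" if len(data) % 2 else b"")

def build_deb(control: str, payload: bytes, extra=()) -> bytes:
    """Constructed, simplified .deb: uncompressed control.tar and data.tar."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        raw = control.encode()
        info = tarfile.TarInfo("control")
        info.size = len(raw)
        tar.addfile(info, io.BytesIO(raw))
    members = [("debian-binary", b"2.0\n"), ("control.tar", buf.getvalue()),
               ("data.tar", payload), *extra]
    return b"!<arch>\n" + b"".join(ar_member(n, d) for n, d in members)

def ar_members(deb: bytes) -> dict:
    if deb[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    out, pos = {}, 8
    while pos + 60 <= len(deb):
        name = deb[pos:pos + 16].decode().strip()
        size = int(deb[pos + 48:pos + 58])   # size field of the ar header
        out[name] = deb[pos + 60:pos + 60 + size]
        pos += 60 + size + size % 2          # skip the padding byte if any
    return out

def identity(deb: bytes) -> tuple:
    """pkg+version+arch read from the control file, ignoring the container."""
    with tarfile.open(fileobj=io.BytesIO(ar_members(deb)["control.tar"])) as tar:
        text = tar.extractfile("control").read().decode()
    f = dict(l.split(": ", 1) for l in text.splitlines() if ": " in l)
    return f["Package"], f["Version"], f["Architecture"]

def md5(b: bytes) -> str:
    return hashlib.md5(b).hexdigest()

CONTROL = "Package: hello\nVersion: 1.0-1\nArchitecture: i386\n"  # constructed
PAYLOAD = b"stand-in for the installed files"                      # constructed
uploaded = build_deb(CONTROL, PAYLOAD)
# "_relsig" is a hypothetical member name for the release signature.
released = build_deb(CONTROL, PAYLOAD, extra=[("_relsig", b"constructed-sig")])

if __name__ == "__main__":
    print("deb md5 changed:   ", md5(uploaded) != md5(released))
    print("identity unchanged:", identity(uploaded) == identity(released))
```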