
RE: New field proposed, UUID



> -----Original Message-----
> From: Ben Collins [mailto:bcollins@debian.org]
> 
> Plus pkg+version+arch is not always enough. Note (even though it is a
> bug/mistake in its own right), there are potato/woody packages with the
> same version and arch, that are not the same binary. This is very
> important from a security/signing standpoint.
> 
> Ben

Well then you fix the bugs instead of changing the system.  If there are two
packages with the same pkg+ver+arch and they are actually different I'd
think the preferable "fix" is to release a new "official" package with a new
version number and have everyone install the new package, even if they have
the "good" version installed currently.  As this doesn't, or shouldn't,
happen too often it shouldn't be a big burden for users.  Besides, who
released the two conflicting packages?  They are responsible for their
mistake and should take that responsibility.  Supposedly they signed their
packages before they uploaded them, so there can't be a security issue
there.

I still haven't heard a reasonable explanation of why this is needed (not
that I have a say in what Debian does anyway, I'm just an interested user).
Perhaps if you could outline the security system as others suggested it
would help clarify the issue.

Fred Reimer
Eclipsys Corporation
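An added illustration of the identity question argued in this thread (example code written for this page, not Debian's tooling and not something either participant posted): two builds that share package, version and architecture collide on that triple, while a digest over the actual bytes separates them, and an index that records digests can still say which of the two a client holds. The archive signing key and the index line format are assumptions made so the example runs offline; a real archive would carry a detached OpenPGP signature over the index rather than an HMAC tag.

```python
import hashlib
import hmac

# Constructed sample data: two builds that carry identical control metadata
# (Package, Version, Architecture) but different payload bytes. They stand in
# for the potato/woody collision mentioned in the thread; not real .deb files.
BUILD_A = {
    "control": {"Package": "foo", "Version": "1.2-3", "Architecture": "i386"},
    "data": b"payload built against the libc of one release\n",
}
BUILD_B = {
    "control": {"Package": "foo", "Version": "1.2-3", "Architecture": "i386"},
    "data": b"payload built against the libc of another release\n",
}


def identity_key(pkg):
    """The pkg+version+arch triple the thread debates as a package identifier."""
    c = pkg["control"]
    return (c["Package"], c["Version"], c["Architecture"])


def content_digest(pkg):
    """SHA-256 over the control fields and the payload: differs per real build."""
    h = hashlib.sha256()
    for field in sorted(pkg["control"]):
        h.update(f"{field}: {pkg['control'][field]}\n".encode())
    h.update(b"\n")
    h.update(pkg["data"])
    return h.hexdigest()


def build_index(pkgs):
    """Map each pkg+version+arch key to the set of digests seen under it.

    A key with more than one digest is an identifier that no longer names
    a single binary.
    """
    index = {}
    for p in pkgs:
        index.setdefault(identity_key(p), set()).add(content_digest(p))
    return index


def ambiguous_keys(index):
    """Keys that resolve to more than one distinct build."""
    return sorted(k for k, digests in index.items() if len(digests) > 1)


# Hypothetical archive signing key (assumption): HMAC-SHA256 stands in for a
# detached signature over the index so the example needs no key material.
ARCHIVE_KEY = b"example-archive-signing-key"


def sign_index(entries):
    """Serialise (key, digest) entries one per line and tag the whole body."""
    body = "".join(f"{k[0]} {k[1]} {k[2]} {d}\n" for k, d in entries).encode()
    return body, hmac.new(ARCHIVE_KEY, body, hashlib.sha256).hexdigest()


def verify_package(pkg, signed_body, tag):
    """Accept a package only if the index tag verifies AND the package's own
    digest is listed under its pkg+version+arch key.

    Checking the triple alone would accept either build; the digest is what
    distinguishes the build the archive actually published.
    """
    expected = hmac.new(ARCHIVE_KEY, signed_body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False  # index tampered with or wrong key
    want = identity_key(pkg)
    digest = content_digest(pkg)
    for line in signed_body.decode().splitlines():
        name, ver, arch, d = line.split()
        if (name, ver, arch) == want and d == digest:
            return True
    return False


if __name__ == "__main__":
    idx = build_index([BUILD_A, BUILD_B])
    print("ambiguous pkg+version+arch keys:", ambiguous_keys(idx))
    # The archive publishes only build A under this key.
    body, tag = sign_index([(identity_key(BUILD_A), content_digest(BUILD_A))])
    print("build A accepted:", verify_package(BUILD_A, body, tag))
    print("build B accepted:", verify_package(BUILD_B, body, tag))
```

Both builds verify under a signature made by their respective uploader; what the signed index adds is a binding from the triple to one specific set of bytes, which is the only thing that lets a client detect that it holds the other build.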


