
Re: packages without .md5sums file?



On Mon, 30 Jul 2001, Manoj Srivastava wrote:

> 	Not quite. This only requires processing _installed_
>  packages. And yes, there is a tradeoff; Disk space for the archives,
>  transfers, and CDs' vs processing when a system's integrity is under
>  suspicion. The latter ought to be a rarer event, and shall not
>  affect every user of Debian. 

It seems to me the best solution is to just provide the SHA-1 hash of
something like the .md5sum file in either the Packages file, or a close
sibling of the Packages file.

The dpkg can still optionally build .md5sum on the fly, which is the best
way, and the integrity of the .md5sum's can be checked by *everyone* quite
quickly, and in a safe manner. Needing to have a cd around to check your
install is rather lame.

BTW, the md5sum file sucks, it should include a complete transcript of the
tar information as well as hashes for normal files. It is also possible
for the ftp archive to have those files appear, apt-ftparchive already
does all the work and caching necessary to make that happen.

Jason
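
The two-step check proposed in this message, as an added example that is not part of the original post or of dpkg/apt: the local .md5sums list is trusted only if its SHA-1 matches a digest obtained from a signed index, and only then are the per-file hashes compared. The function names, the `trusted_sha1` parameter (standing in for a value the Packages file would carry under this proposal) and the sample package are assumptions constructed for illustration.

```python
import hashlib, hmac, os, tempfile

def parse_md5sums(raw: bytes) -> dict:
    """Parse dpkg-style lines: '<md5 hex>  <path relative to root>'."""
    pairs = (line.split(None, 1) for line in raw.decode().splitlines() if line.strip())
    return {path: digest.lower() for digest, path in pairs}

def verify_package(root: str, md5sums_path: str, trusted_sha1: str):
    """Return (list_trusted, changed_files); files are checked only if the list is trusted."""
    with open(md5sums_path, "rb") as f:
        raw = f.read()
    # Step 1: the local list must match the digest published in the signed index.
    if not hmac.compare_digest(hashlib.sha1(raw).hexdigest(), trusted_sha1.lower()):
        return False, []
    # Step 2: only now are the per-file MD5 entries worth comparing.
    changed = []
    for rel, want in parse_md5sums(raw).items():
        try:
            with open(os.path.join(root, rel), "rb") as f:
                got = hashlib.md5(f.read()).hexdigest()
        except OSError:
            got = None  # a missing or unreadable file counts as changed
        if got != want:
            changed.append(rel)
    return True, sorted(changed)

def demo():
    """Constructed sample: a two-file package, then two kinds of tampering."""
    def put(path, data):
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    def listing(files):
        return "".join(f"{hashlib.md5(d).hexdigest()}  {p}\n" for p, d in files.items()).encode()
    files = {"usr/bin/tool": b"original\n", "usr/share/doc/tool/README": b"docs\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            put(os.path.join(root, rel), data)
        listfile = os.path.join(root, "info/tool.md5sums")
        put(listfile, listing(files))
        trusted = hashlib.sha1(listing(files)).hexdigest()  # digest the index would carry
        clean = verify_package(root, listfile, trusted)
        files["usr/bin/tool"] = b"replaced\n"
        put(os.path.join(root, "usr/bin/tool"), files["usr/bin/tool"])
        file_only = verify_package(root, listfile, trusted)
        put(listfile, listing(files))  # list regenerated to match the altered file
        return clean, file_only, verify_package(root, listfile, trusted)
```

The third result from `demo()` is the case a local-only check misses: the altered file and the regenerated list agree with each other, and only the digest from the index shows the list itself is no longer the packaged one.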


