[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#572571: packages SHOULD ship checksums (a-la dh_md5sums, but better)

On Thu, Mar 04, 2010 at 11:00:45PM +0100, Stefano Zacchiroli wrote:
> Package: debian-policy
> Severity: wishlist
> Version:
> [ For the full context, see the -devel thread starting at
>   http://lists.debian.org/debian-devel/2010/03/msg00038.html ]
> On Thu, Mar 04, 2010 at 01:12:26PM -0800, Russ Allbery wrote:
> > > Russ, while we are at it, would you mind a bug report on the policy to
> > > suggest (starting at SHOULD?) to store md5sums in packages?
> > 
> > Not that I've had any time to work on Policy (or Lintian) in the last
> > month, but that does seem reasonable to me.  It seems to be a widespread
> > best practice already, and a lot of people are turning up in this thread
> > to say that they find it useful.
> Here we go.
> Currently, packages ships file checksums which are computed at package
> build time by the means of dh_md5sums (usually), and stored under
> /var/lib/dpkg/info/*md5sums.  Several people find those checksums
> useful, mostly for file corruption detection a-la CRC.
> Empirical tests show that the archive coverage is pretty good, most
> packages seem to ship those checksums.
> Hence, there is a desire to turn a similar feature into, for start, a
> SHOULD requirement, meant to become a MUST later on.

If we are moving that way, maybe it would make sense for the checksums
to be generated by dpkg-buildpackage.

Bill. <ballombe@debian.org>

Imagine a large red swirl here. 

Reply to: