Bug#572571: packages SHOULD ship checksums (a-la dh_md5sums, but better)
- To: Stefano Zacchiroli <zack@debian.org>, 572571@bugs.debian.org
- Subject: Bug#572571: packages SHOULD ship checksums (a-la dh_md5sums, but better)
- From: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>
- Date: Fri, 5 Mar 2010 17:51:33 +0100
- Message-id: <20100305165133.GA4251@yellowpig>
- Reply-to: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>, 572571@bugs.debian.org
- In-reply-to: <20100304220045.GA13767@usha.takhisis.invalid>
- References: <874okyuov4.fsf@windlord.stanford.edu> <20100303151752.835b34d3.erikd@mega-nerd.com> <20100303104725.GA18778@celtic.nixsys.be> <slrnhosifd.rmi.trash@kelgar.0x539.de> <4B8EB3B6.4070208@bzed.de> <20100303211921.GA11527@usha.takhisis.invalid> <87tysxt6p3.fsf@windlord.stanford.edu> <20100304081121.GA19497@usha.takhisis.invalid> <87vddb23lx.fsf@windlord.stanford.edu> <20100304220045.GA13767@usha.takhisis.invalid>
On Thu, Mar 04, 2010 at 11:00:45PM +0100, Stefano Zacchiroli wrote:
> Package: debian-policy
> Severity: wishlist
> Version: 3.8.4.0
>
> [ For the full context, see the -devel thread starting at
> http://lists.debian.org/debian-devel/2010/03/msg00038.html ]
>
> On Thu, Mar 04, 2010 at 01:12:26PM -0800, Russ Allbery wrote:
> > > Russ, while we are at it, would you mind a bug report on the policy to
> > > suggest (starting at SHOULD?) to store md5sums in packages?
> >
> > Not that I've had any time to work on Policy (or Lintian) in the last
> > month, but that does seem reasonable to me. It seems to be a widespread
> > best practice already, and a lot of people are turning up in this thread
> > to say that they find it useful.
>
> Here we go.
>
> Currently, packages ships file checksums which are computed at package
> build time by the means of dh_md5sums (usually), and stored under
> /var/lib/dpkg/info/*md5sums. Several people find those checksums
> useful, mostly for file corruption detection a-la CRC.
>
> Empirical tests show that the archive coverage is pretty good, most
> packages seem to ship those checksums.
>
> Hence, there is a desire to turn a similar feature into, for start, a
> SHOULD requirement, meant to become a MUST later on.
If we are moving that way, maybe it would make sense for the checksums
to be generated by dpkg-buildpackage.
Cheers,
--
Bill. <ballombe@debian.org>
Imagine a large red swirl here.
Reply to: