Bug#572571: packages SHOULD ship checksums (a-la dh_md5sums, but better)

To: Stefano Zacchiroli <zack@debian.org>, 572571@bugs.debian.org
Subject: Bug#572571: packages SHOULD ship checksums (a-la dh_md5sums, but better)
From: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>
Date: Fri, 5 Mar 2010 17:51:33 +0100
Message-id: <20100305165133.GA4251@yellowpig>
Reply-to: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>, 572571@bugs.debian.org
In-reply-to: <20100304220045.GA13767@usha.takhisis.invalid>
References: <874okyuov4.fsf@windlord.stanford.edu> <20100303151752.835b34d3.erikd@mega-nerd.com> <20100303104725.GA18778@celtic.nixsys.be> <slrnhosifd.rmi.trash@kelgar.0x539.de> <4B8EB3B6.4070208@bzed.de> <20100303211921.GA11527@usha.takhisis.invalid> <87tysxt6p3.fsf@windlord.stanford.edu> <20100304081121.GA19497@usha.takhisis.invalid> <87vddb23lx.fsf@windlord.stanford.edu> <20100304220045.GA13767@usha.takhisis.invalid>

On Thu, Mar 04, 2010 at 11:00:45PM +0100, Stefano Zacchiroli wrote:
> Package: debian-policy
> Severity: wishlist
> Version: 3.8.4.0
> 
> [ For the full context, see the -devel thread starting at
>   http://lists.debian.org/debian-devel/2010/03/msg00038.html ]
> 
> On Thu, Mar 04, 2010 at 01:12:26PM -0800, Russ Allbery wrote:
> > > Russ, while we are at it, would you mind a bug report on the policy to
> > > suggest (starting at SHOULD?) to store md5sums in packages?
> > 
> > Not that I've had any time to work on Policy (or Lintian) in the last
> > month, but that does seem reasonable to me.  It seems to be a widespread
> > best practice already, and a lot of people are turning up in this thread
> > to say that they find it useful.
> 
> Here we go.
> 
> Currently, packages ships file checksums which are computed at package
> build time by the means of dh_md5sums (usually), and stored under
> /var/lib/dpkg/info/*md5sums.  Several people find those checksums
> useful, mostly for file corruption detection a-la CRC.
> 
> Empirical tests show that the archive coverage is pretty good, most
> packages seem to ship those checksums.
> 
> Hence, there is a desire to turn a similar feature into, for start, a
> SHOULD requirement, meant to become a MUST later on.

If we are moving that way, maybe it would make sense for the checksums
to be generated by dpkg-buildpackage.

Cheers,
-- 
Bill. <ballombe@debian.org>

Imagine a large red swirl here.

Reply to:

Follow-Ups:
- Bug#572571: packages SHOULD ship checksums (a-la dh_md5sums, but better)
  - From: Russ Allbery <rra@debian.org>

References:
- Bug#572571: packages SHOULD ship checksums (a-la dh_md5sums, but better)
  - From: Stefano Zacchiroli <zack@debian.org>

Prev by Date: Bug#572571: packages SHOULD ship checksums (a-la dh_md5sums, but better)
Next by Date: Re: Removing the manpage requirement for GUI programs?
Previous by thread: Bug#572571: packages SHOULD ship checksums (a-la dh_md5sums, but better)
Next by thread: Bug#572571: packages SHOULD ship checksums (a-la dh_md5sums, but better)
Index(es):
- Date
- Thread