Your message dated Fri, 11 Aug 2017 12:44:51 -0700 with message-id <87o9rlx51o.fsf@iris.silentflame.com> and subject line Closing inactive Policy bugs has caused the Debian Bug report #572571, regarding packages SHOULD ship checksums (a-la dh_md5sums, but better) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 572571: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572571 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: packages SHOULD ship checksums (a-la dh_md5sums, but better)
- From: Stefano Zacchiroli <zack@debian.org>
- Date: Thu, 4 Mar 2010 23:00:45 +0100
- Message-id: <20100304220045.GA13767@usha.takhisis.invalid>
- In-reply-to: <87vddb23lx.fsf@windlord.stanford.edu>
- References: <20100303020620.GA17083@celtic.nixsys.be> <874okyuov4.fsf@windlord.stanford.edu> <20100303151752.835b34d3.erikd@mega-nerd.com> <20100303104725.GA18778@celtic.nixsys.be> <slrnhosifd.rmi.trash@kelgar.0x539.de> <4B8EB3B6.4070208@bzed.de> <20100303211921.GA11527@usha.takhisis.invalid> <87tysxt6p3.fsf@windlord.stanford.edu> <20100304081121.GA19497@usha.takhisis.invalid> <87vddb23lx.fsf@windlord.stanford.edu>
Package: debian-policy Severity: wishlist Version: 3.8.4.0 [ For the full context, see the -devel thread starting at http://lists.debian.org/debian-devel/2010/03/msg00038.html ] On Thu, Mar 04, 2010 at 01:12:26PM -0800, Russ Allbery wrote: > > Russ, while we are at it, would you mind a bug report on the policy to > > suggest (starting at SHOULD?) to store md5sums in packages? > > Not that I've had any time to work on Policy (or Lintian) in the last > month, but that does seem reasonable to me. It seems to be a widespread > best practice already, and a lot of people are turning up in this thread > to say that they find it useful. Here we go. Currently, packages ships file checksums which are computed at package build time by the means of dh_md5sums (usually), and stored under /var/lib/dpkg/info/*md5sums. Several people find those checksums useful, mostly for file corruption detection a-la CRC. Empirical tests show that the archive coverage is pretty good, most packages seem to ship those checksums. Hence, there is a desire to turn a similar feature into, for start, a SHOULD requirement, meant to become a MUST later on. However, a few generality shortcomings should probably be addressed, such as the usage of different checksumming mechanisms. Even though the intented purpose of those checksums is not intrusion detection, it would be nice to use stronger checksums such as sha1 and, more generally, to not have the specific kind of checksum used carved in stone. Thanks for considering, Cheers. -- Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7 zack@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/ Dietro un grande uomo c'è ..| . |. Et ne m'en veux pas si je te tutoie sempre uno zaino ...........| ..: |.... Je dis tu à tous ceux que j'aimeAttachment: signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
- To: 617938-close@bugs.debian.org, 688363-close@bugs.debian.org, 821363-close@bugs.debian.org, 192571-close@bugs.debian.org, 215549-close@bugs.debian.org, 263448-close@bugs.debian.org, 276160-close@bugs.debian.org, 408500-close@bugs.debian.org, 562863-close@bugs.debian.org, 587377-close@bugs.debian.org, 592564-close@bugs.debian.org, 656569-close@bugs.debian.org, 663917-close@bugs.debian.org, 683570-close@bugs.debian.org, 684673-close@bugs.debian.org, 697134-close@bugs.debian.org, 704233-close@bugs.debian.org, 727754-close@bugs.debian.org, 737559-close@bugs.debian.org, 795783-close@bugs.debian.org, 832654-close@bugs.debian.org, 71621-close@bugs.debian.org, 120418-close@bugs.debian.org, 267142-close@bugs.debian.org, 291631-close@bugs.debian.org, 338219-close@bugs.debian.org, 375502-close@bugs.debian.org, 391240-close@bugs.debian.org, 397939-close@bugs.debian.org, 400112-close@bugs.debian.org, 412668-close@bugs.debian.org, 431109-close@bugs.debian.org, 457364-close@bugs.debian.org, 458824-close@bugs.debian.org, 462996-close@bugs.debian.org, 465140-close@bugs.debian.org, 466550-close@bugs.debian.org, 485559-close@bugs.debian.org, 491055-close@bugs.debian.org, 492144-close@bugs.debian.org, 521810-close@bugs.debian.org, 525843-close@bugs.debian.org, 528453-close@bugs.debian.org, 535577-close@bugs.debian.org, 541872-close@bugs.debian.org, 543417-close@bugs.debian.org, 549910-close@bugs.debian.org, 554194-close@bugs.debian.org, 570141-close@bugs.debian.org, 572571-close@bugs.debian.org, 580135-close@bugs.debian.org, 593177-close@bugs.debian.org, 610298-close@bugs.debian.org, 633994-close@bugs.debian.org, 660705-close@bugs.debian.org, 642914-close@bugs.debian.org, 663762-close@bugs.debian.org, 671503-close@bugs.debian.org, 681289-close@bugs.debian.org, 685992-close@bugs.debian.org, 690495-close@bugs.debian.org, 694384-close@bugs.debian.org, 775318-close@bugs.debian.org, 798714-close@bugs.debian.org, 524461-close@bugs.debian.org, 555981-close@bugs.debian.org, 682282-close@bugs.debian.org, 686143-close@bugs.debian.org, 515837-close@bugs.debian.org, 779506-close@bugs.debian.org, 628174-close@bugs.debian.org, 661417-close@bugs.debian.org, 681562-close@bugs.debian.org, 490605-close@bugs.debian.org, 647570-close@bugs.debian.org
- Subject: Closing inactive Policy bugs
- From: Sean Whitton <spwhitton@spwhitton.name>
- Date: Fri, 11 Aug 2017 12:44:51 -0700
- Message-id: <87o9rlx51o.fsf@iris.silentflame.com>
control: user debian-policy@packages.debian.org control: usertag -1 +obsolete control: tag -1 +wontfix Russ Allbery and I did a round of in-person bug triage at DebConf17 and we are closing this bug as inactive. The reasons for closing fall into the following categories, from most frequent to least frequent: - issue is appropriate for Policy, there is a consensus on how to fix the problem, but preparing the patch is very time-consuming and no-one has volunteered to do it, and we do not judge the issue to be important enough to keep an open bug around; - issue is appropriate for Policy but there does not yet exist a consensus on what should change, and no recent discussion. A fresh discussion might allow us to reach consensus, and the messages in the old bug are unlikely to help very much; or - issue is not appropriate for Policy. If you feel this bug is still relevant and want to restart the discussion, you can re-open the bug. However, please consider instead opening a new bug with a message that summarises and condenses the previous discussion, updates the report for the current state of Debian, and makes clear exactly what you think should change. A lot of these old bugs have long side tangents and numerous messages, and that old discussion is not necessarily helpful for figuring out what Debian Policy should say today. -- Sean WhittonAttachment: signature.asc
Description: PGP signature
--- End Message ---