Hi, Niels Thykier wrote: > If you are interested in keeping apt-zip in Jessie, then please include > a fix for #718376 (I promoted it to grave) and also (have the > maintainers) commit to maintaining it for Jessie as well. JFTR: I've had a closer look at #718376 and now that I understand the control flow, I must say that this bug report doesn't look RC to me anymore. "This package contains some code to verify .deb files in the wget method, but it only handles data.tar.gz deb members, it's at least missing support" sounds scary, yes, but isn't: * The mentioned code is _only_ run if the downloading system doesn't have an md5sum command to verify the provided hashsum. * The mentioned code only checks for damaged files by using the -t (test) option of compressors (gzip, bzip2, xz, etc.) and archivers (ar, tar). * Hence the mentioned code is only some kind of last resort if all other checks were not available. So IMHO this neither compromises integrity (if that code is run, hashsum based integrity checks already have been skipped) nor does it abort the script (archive format consistency checks are just skipped in case of unknown formats). I'd say either "normal", or "important" at most, as it doesn't really cause a "_major_ effect on the usability of a package, without rendering it completely unusable to everyone". I can also say that Guillem's untested patch looks good except that it misses the ";;" inside the case statement. But I've found another issue while faking a missing md5sum command: I've tried to fake that by using '[ "`type xmd5sum`" ]' instead of '[ "`type md5sum`" ]', but unfortunately that test still returns true and goes down the md5sum road -- at least in dash (and zsh, but not in bash). I'm though not yet sure where exactly the bashism is hidden nor what impact it has when not trying to fake a missing md5sum while md5sum actually is still there. Will write a separate bug report for the latter issue, probably when I've got a proper fix for it. Regards, Axel -- ,''`. | Axel Beckert <abe@debian.org>, http://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Attachment:
signature.asc
Description: Digital signature