Re: Can I check packages integrity with debsums on sums check failed DVDs?

[Sthu Deus <sthu.deus@gmail.com>]

Thank You for Your time and answer, Johannes:

> This is to be expeced. The md5sum is not part of the package. dpkg -S
> searches files belonging to a software package, not files that contain
> the signature of the package.

> What does 'll /var/lib/dpkg/info/ace-of-penguins.md5sums' yield
> (assuming that you have the package ace-of-penguins installed)?

I have no the package installed. What is the ll command do?

> > How I can find out from whence the file has come?  
> 
> Probably not at all. Your files will have the same md5sums no matter
> from where you've got the package (ie. it does not matter, if the
> package is from your DVD someone else's dvd or from some server over the
> internet, as long as the integrity of the files is ok (ie. md5sums).
> 
> To verify you could try 'debsums ace-of-penguins'

Actually, all I wanted here was to find out from which package come the md5sums
for each package - to understand how the check process works.

I want to know, if I can check the integrity of a downloaded package through
FTP and not apt-get. - For if a check sum comes w/ the package - then I can not
trust it.

If the sums come apart, then, can I:

. download and install the package;

. trustworthy run debsums for every package to a check sum filed DVD - to know that the packages are safe?