On Sun, Oct 30, 2005 at 08:18:39AM -0600, Manoj Srivastava wrote:
> I do believe that this is far better done in dpkg -- and thus
> the underlying bug to fix is 155676. Once that is done, we'll all get
> md5sums automatically. In the meanwhile, one can always use debsums
> manually to get the md5sums locally.

Well, there's quite a big difference between in-package-shipped md5sums generated at package creation time and md5sums generated after installation, where a lot of modifications can just have happened in between.

Once Debian packages are signed, md5sums shipped within the package are far more trustworthy than locally post-install generated ones. And even now without signed packages I'm still able to (re-)fetch the in-package md5sums from some trusted source and check them against my local installation - provided there *are* in-package shipped md5sums :)

Shipping md5sums within the package is widely used since dh_md5sums exists. The kernel packages are one of the few that don't do it. That's why I think that adding md5sums capability to kernel-package would be a good idea.

Thanks for your work & regards
Mario

--
There are two major products that come from Berkeley: LSD and UNIX.
We don't believe this to be a coincidence. -- Jeremy S. Anderson
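
The check described in the message above (comparing a package's shipped md5sums list against the installed files), as an added example that is not part of the original mail and not code from dpkg, debsums or kernel-package. It assumes the list is in `md5sum` output format with paths relative to the filesystem root; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

def parse_md5sums(text):
    """Parse md5sum-format lines: 32 hex digits, two separator chars, relative path."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, sep, path = line[:32].lower(), line[32:34], line[34:]
        if len(digest) != 32 or set(digest) - set("0123456789abcdef") or sep not in ("  ", " *"):
            raise ValueError("malformed md5sums line: %r" % line)
        # The list is data, not trusted input: refuse paths that escape the root.
        if not path or path.startswith("/") or ".." in path.split("/"):
            raise ValueError("unsafe path in md5sums: %r" % path)
        entries[path] = digest
    return entries

def file_md5(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(entries, root="/"):
    """Map each listed path to 'ok', 'modified' or 'missing' under root."""
    result = {}
    for rel, expected in entries.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            result[rel] = "missing"
        else:
            result[rel] = "ok" if file_md5(full) == expected else "modified"
    return result

def demo():
    """Constructed sample tree: one file changed and one deleted after 'install'."""
    files = {"boot/vmlinuz-sample": b"kernel", "lib/a.ko": b"mod a", "lib/b.ko": b"mod b"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        shipped = "".join("%s  %s\n" % (hashlib.md5(d).hexdigest(), r) for r, d in files.items())
        with open(os.path.join(root, "lib/a.ko"), "wb") as f:
            f.write(b"patched")      # post-install modification
        os.remove(os.path.join(root, "lib/b.ko"))
        return verify(parse_md5sums(shipped), root)

if __name__ == "__main__":
    print(demo())
```

The result is only as trustworthy as the place the md5sums list was fetched from, which is the distinction the message draws between shipped and locally generated sums.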