Manoj Srivastava <[EMAIL PROTECTED]> writes:
> On Mon, 1 Dec 2003 17:12:36 -0500, christophe barbe <[EMAIL PROTECTED]> said:
>
> > I don't see why adding a md5dsum_are_mandatory clause to the debian
> > policy would be difficult (what would be a good reason to not add
> > md5sum to a package?).
Because without preventing tampering (even accidental) of the md5sums
file its quite useless. Making a md5sums file signature mandatory
would gain you something and takes way less space.
> Because it buys little security wise? Because there are
> solutions one can put in place today that offer better coverage than
> in package md5sums?
MfG
Goswin
