On Thu, 4 Dec 2003 19:30:12 +0100, Javier Fernández-Sanguino Peña <[EMAIL
PROTECTED]> said:
> Why do we have to make each of our users find a solution to generate
> this from a _local_ mirror (or the system's .deb archive which
> shoulnd't be trusted in the event of an intrusion) when we could do
> this ourselves and provide the results?
I have no objections to Debian providing md5sums, as long as
we do not ignore our users running Debian in low disk space
environments -- like zaurii. As long as these files are not in a deb,
and are not mandated to live in /var/lib/dpkg/info; feel free.
> Notice that I'm not necessarily depending on the local md5sums, I'm
> taking a file provided by a vendor, in this case, Debian. Let's call
> it Contents-xxx.md5sum.gz. This file is available for download from
> all Debian mirrors, signed with the Release key and provides these
> three fields for every file in a single Release:
OK.
manoj
--
panic: kernel trap (ignored)
Manoj Srivastava <[EMAIL PROTECTED]> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
