On Fri, Dec 7, 2018 at 11:05 PM Colin Watson <cjwat...@debian.org> wrote: > > On Fri, Dec 07, 2018 at 02:06:50PM +0100, Fabiano Fidêncio wrote: > > Paul, > > > > > http://ftp.debian.org/debian/dists/stretch/main/installer-amd64/current/images/SHA256SUMS > > > > This one could be used if we'd have the "Description" entry as we do > > in http://ftp.debian.org/debian/dists/stretch/Release > > Do you think that adding the "Description" entry to the > > current/images/SHA256SUMS file would be easier/more secure than adding > > the ".treeinfo" file under > > http://ftp.debian.org/debian/dists/stretch/main/installer-amd64/ ? > > The SHA256SUMS file is expected to be valid input to "sha256sum -c", so > any extra metadata would have to live somewhere else. >
Hmm. I see. :-/ So, what about the ".treeinfo" file suggestion? :-) Having the ".treeinfo" suggestion would be easiest and more reliable way for libosinfo (and, consequently, virt-manager/GNOME Boxes) to consume the install trees. But we'd be more than happy if there was at least one file, any file, under the install tree that we could reliably parser in order to get the version we're dealing with. One of the things we thought was to check http://ftp.debian.org/debian/dists/stretch/main/installer-amd64/current/images/MANIFEST.udebs for "deb8", "deb9" ... but it's not reliable as there's not such suffix for testing packages. More than that, even if it would for Debian ... we'd have to have this very same discussion we're having here with Ubuntu folks, while if something like the ".treeinfo" suggestion is adopted, Ubuntu would also adopt that for free. Best Regards, -- Fabiano Fidêncio
