[ fully quoting my original request, for the sake of context preservation ]
On Fri, Aug 17, 2007 at 09:04:13AM +0200, Luk Claes wrote: > Stefano Zacchiroli wrote: >> [ Assuming is not too late to propose release goals of course ] >> Hi, a long time ago we were wondering to have DEBIAN/md5sums generated >> for all packages in the archive ... and we are still wondering! >> Can we make it a release goal for lenny? >> Cheers >> >> PS thanks to Romain Francoise which reminded me of this with his blog >> entry >> (http://blog.orebokech.com/2007/08/debian-packages-without-md5sums.html) > > With more than 600 issues, it's a bit early to make it a release goal IMHO. > Though making maintainers aware by upgrading the lintian check to a warning > and discussion on debian-devel about which exceptions are warranted (and > possible mass bug filing) will probably be a good idea to get the amount > reduced rather fast... Ok, moving the discussion to -devel then. Please reply there, people. In an attempt to prevent drift to a well-known counter argument: DEBIAN/md5sums (used by debsums) are *not* intended as a mean to counter security attacks, since they can be easily altered. Rather, they are useful as a general mechanism to check if something got corrupted due to hardware/software failures and can be used to spot which packages need to be reinstalled. Cheers. -- Stefano Zacchiroli -*- PhD in Computer Science ............... now what? [EMAIL PROTECTED],debian.org,bononia.it} -%- http://www.bononia.it/zack/ (15:56:48) Zack: e la demo dema ? /\ All one has to do is hit the (15:57:15) Bac: no, la demo scema \/ right keys at the right time
signature.asc
Description: Digital signature
