Hi all, A few thoughts about these md5sums files:
First, what do we want file md5sums for? As far as I know, the point of the md5sums is to detect accidental corruption of installed files: to check whether you have mistakenly edited an installed script which wasn't a conffile, or to check which packages need reinstalling after you've been careless with "rm". It's not for security (that would (IMHO) need digitally signed certificates from some competent, trusted authority, and a write-protected medium containing a known-clean kernel, the verification tool and everything needed to get it running, and the public key(s) needed to check the certificates). For detecting accidental deletions, I agree with those who've said that there's no point including this information in the package. However, because there are old, slow machines still in use, and because the md5sums file can be big, there needs to be an option not to generate this data. I have a 486DX2/66 PC here, on which I've just md5sumed a 171542382-byte compressed file (approx. 163MBytes), read off an ext2fs on an IDE drive, and got these timings: real 2m44.992s user 1m59.110s sys 0m31.640s That's around a megabyte per second, on an old and creaky 486. If this was integrated into dpkg, that could be done mostly in parallel with writing the file to the disk, and, on a fast machine or one with a slow disk, might not slow down installation at all. But those points have already been made.... The point I wanted to make is that storing the md5sum (or another checksum) of the file isn't enough. We also need to store ownership (user and group), permissions, and, for symlinks, destination. While we're at it, file size and last modification date would be good, too. Arguably, the ownership and permissions of a file are easier to accidentally corrupt than its contents. IIRC, RPM already does this. It has a verify option, which checks md5sums, ownerships and permissions. I just tried to check this, but www.rpm.org, which I'd assume to be a good place to check, seems to be down. Hmm... -- Charles Briscoe-Smith White pages entry, with PGP key: <URL:http://alethea.ukc.ac.uk/wp?95cpb4> PGP public keyprint: 74 68 AB 2E 1C 60 22 94 B8 21 2D 01 DE 66 13 E2
