On 19 May 1999, Manoj Srivastava wrote:
> Christoph> plus you only have the checksums of the files *after* they
> Christoph> were unpacked.
>
> This is an advantage. This allows me to have the md5sums of
> the config files after I modified them. This also allows one to add
> other directories and files to the checked list.
md5sums are a verficiation of permanently installed files guaranteering
their integrity and not of user customizations. I think those issues need
to be separate.
> Christoph> With md5sums you have the checksums of the files on the
> Christoph> *maintainers* system and there is a verification that the
> Christoph> files are the *same* as the maintainer generated
> Christoph> them. That is what I want.
>
> And you do not trust the md5sum of the .deb (you do check
> that, don't you?). The md5sum of the .deb file, signed by the
> maintainer, and accepted by dinstall, guarantees you everything that
> the md5sum would. Apt even checks the md5sum of the packages
> downloaded.
Nope. The md5sum of the deb does not allow me to figure out which
individual file was corrupted.
-----------------------------------------------------------------------------
Christoph Lameter (MS CS, M.Div.) http://lameter.com
Adjunct Professor (CS & Rel) University of Phoenix
-----------------------------------------------------------------------------
