>
> Sorry, I'm not a Debian developer so honestly don't know all the policies or
> processes behind making debs. But, it seems clear to me that if you use the
> pkg+version+arch as your UUID then a change in the md5sum caused by adding a
> signature would not affect the "UUID" and therefore be moot. When I say any
> change in the "binary package" I mean any change in the binary files that
> get installed when the package is installed. I'm not talking about a change
> in the deb file itself.
>
> Or am I totally confused?

You are not confused, just not seeing everything (-:

user does:

  $ apt-get source
  $ cd source
  $ dpkg-buildpackage   # this builds the deb

This will build a deb with the exact same name+arch+version as the one he
downloaded. However, the tool that built it will add a different UUID because
these are generated at build time. So NEW UUID does not equal release UUID and
we know something happened.

Bumping the version of a kernel makes sense, but what if I compile a package
because I did not like the maintainer's choice of compile options? The current
build tools do not make too much differentiation between a user compiling a
deb and the actual maintainer -- so when would the version get bumped?