Mathias Gibbens <gib...@debian.org> writes: > control: tags -1 + confirmed patch > > I disagree that this is a policy violation; the cause of error is > clearly reported. Not sure how the script could be more resilient when > a remote resource has disappeared:
I tend to agree -- the package is in contrib, which I think are entitled to do "bad" things like downloading executables from the Internet and use them? >> broadcom-wl-6.30.163.46.tar.bz2: FAILED >> sha512sum: WARNING: 1 computed checksum did NOT match >> /var/lib/dpkg/info/firmware-b43-installer.postinst: Downloaded >> firmware did not match known SHA512 checksum, aborting. >> dpkg: error processing package firmware-b43-installer (--configure): >> installed firmware-b43-installer package post-installation script >> subprocess returned error exit status 1 > > I did find a mirror of the files on GitHub at > https://github.com/minios-linux/b43-firmware/releases with matching > SHA512 sums. I think an easy fix would be to point the install script > to GitHub, which is probably more reliable long-term. Are these blobs distributable? I suppose not. Maybe having a list of known URLs and have the client try all of them would be more reliable. It may become a cat and mouse chase. /Simon
signature.asc
Description: PGP signature
