Hi, Am 06.09.2016 um 06:43 schrieb Mike Ingle: > or rely on calling dpkg to ask the version.
Yes, I'm afraid that is the only feasible way - at least to my knowledge. You could also check some hashes. However dpkg (AFAIK) does not offer an "--verify" option, so you have to do it for your own. Apparently some checksums are also stored in /var/lib/dpkg/info/<package>.md5sums, but probably not all. Furthermore there is a debsums package [1]. First of all you obviously need to browse the package sources and try to find out which version(s) have a particular patch already applied. Best regards, Karol Babioch [1]: https://serverfault.com/questions/322518/can-dpkg-verify-files-from-an-installed-package P.S.: My personal opinion: The whole Debian approach is a mess. Rather than contributing upstream and trying to improve the code there, they are making frankenstein builds that were never intended in this way by the upstream projects. Nobody knows which patches they do and do not backport and in general Debian packages are massively outdated.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
