Hello Raphael, On Fri, 2010-03-19 at 09:04 +0100, Raphael Hertzog wrote: > On Mon, 08 Mar 2010, Frank Lin PIAT wrote: > > Please find a patch attached that allow (and recommends) to provide > > sha256sums. (During a "transition period", we encourage people to > > provide both SHA and MD5, so existing setup don't get broken). > > I'm not sure we should push for this right now. On the dpkg Roadmap, > there's already stuff concerning all this: > > http://wiki.debian.org/Teams/Dpkg/RoadMap > Merge back debsums: > * Generate checksums at build and install time. > http://bugs.debian.org/155676 > * Store metadata from .deb at install time. > * Add a new dpkg-foo to verify, restore, etc metadata.
I wasn't aware of that roadmap. I am actually working on an improved proposal, that goes far beyond checksumming, because checksumming isn't enough for security purpose. (file permissions, owner, symlinks...) Knowing what we want to do is one thing, knowing where we do it is another issue. We can solve one problem at a time. Thank you for pointing this, Franklin -- ... Unix philosophy: do one thing only, and do it well. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
