Peter Samuelson <pe...@p12n.org> writes: >> > On Wed, Mar 3, 2010 at 10:05:11 -0600, Peter Samuelson wrote: >> >> fundamentally, shipping a md5sums file is really just a tradeoff in >> >> download size vs. installation speed, not unlike gzip vs. bzip2. One > >> Julien Cristau <jcris...@debian.org> writes: >> > Only if you assume that disks never fail and thus files never get >> > corrupted when the package gets unpacked. > > [Goswin von Brederlow] >> Or the memory, the cpu, the pci bus, the ide bus, ... have a bit >> toggler. There are many ways file can be corrupted between being >> downloaded (where apt checks them) and them being unpacked and >> checksumed locally. > > Be that as it may, I don't think the md5sums file was ever intended to > be an integrity check of the .deb itself. Fortunately, the .deb also > includes checksums of control.tar.gz and data.tar.gz, thanks to use of > the gzip container format.
That is not about the integrity of the deb. It is about the integrity of the files on the system. And if you do have faulty memory (or any of the other problems) then calculating the checksum locally will have a high risk of calculating it from already corrupted data and miss the error. MfG Goswin -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87zl2louls....@frosties.localdomain