Vincent Lefevre <vinc...@vinc17.net> writes: > On 2015-07-29 00:21:54 +0200, Antonio Diaz Diaz wrote:
>> A compressed file is like an envelope with a message inside. The >> objective of the decompressor is to extract the message and deliver it >> intact to the user. > The problem is that data could have been appended to a compressed file > (thanks Firefox!), and one wants to detect that and not lose such data, > i.e. after the envelope is not necessarily garbage, it may be important > data. There were a few long messages to this thread that I didn't absorb in their entirety, so apologies if this is a repeat. But another angle of this is that the discussion is about using lzip *for Debian packages*. In that context, being tolerant of appended data, or *any* other form of modification to the file, is basically pointless. Debian packages are authenticated and protected via cryptographic signatures, which will not match if there are any changes at all to the file, even appending a nul byte. And if the signature doesn't verify, one should treat the package with extreme suspicion, and certainly should not be installing it on a system except in a very controlled environment for investigative purposes. So regardless of the merits or drawbacks of such a feature, it's rather irrelevant to the discussion that we're having here. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87mvy9msvh....@hope.eyrie.org