On Wed, Mar 03, 2010 at 05:41:26PM -0600, Peter Samuelson wrote: > > [Harald Braumann] > > > Given a .deb, turning the data.tar.gz into foo.md5sums is a SMOP. > > > This could be before, during, or after the deb is unpacked. > > > If you create the hashes at unpack time, you don't catch errors that > > happen during unpack. > > You mean errors reading the data.tar.gz file? That is what the gzip > checksum is for, as I said later in my email.
Errors writing a file. If there should be support in the future for signing hash files, then creating them would have to be done at package creation time anyway. Also, I think, that it is in general better to have as much complexity as possible in the package builder and make the client tools as dumb as possible. harry -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100304002053.gb16...@nn.nn