Package: dpkg Version: 1.17.13 Severity: wishlist The documentation of the new --verify option discusses the check available:
-V, --verify [package-name...] Verifies the integrity of package-name or all packages if omitted, by comparing information from the files installed by a package with the files metadata information stored in the dpkg database. The origin of the files metadata information in the database is the binary packages themselves. That metadata gets collected at package unpack time during the installation process. Currently the only functional check performed is an md5sum verification against the stored value in the files database. It will only get checked if the database contains the file md5sum. To check for any missing metadata in the database, the --audit command can be used. The output format is selectable with the --verify-format option, which by default uses the rpm format, but that might change in the future, and as such, programs parsing this command output should be explicit about the format they expect.
The md5sum verification performed should be defined and/or its relevance should be explained (ideally in terms which don't expect the reader to know about hashing algorithms), so that readers understand what a failure means. -- Filipus Klutiero http://www.philippecloutier.com -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
