I think that:
- it is wrong to check MD5 at the "remote" site.
  wget should already give the right image (checksums, ...
  maybe we don't check if wget was interrupted), and
  there is (IMHO) a higher probability that the package
  will be corrupted in the transport medium.
  So md5 should be done on the target machine.

  A lot of systems have no md5 support.

- IIRC (but I should check): at the installation
  time apt-get and dpkg check md5 for consistency
  (maybe not enabled by default).
  (ok, the md5 provided by the package, not by the
  system in the fetch script, but for an anti-trojan
  check, users need to use package signatures (already
  implemented in unstable))

- an md5 will make it difficult to update the system with
  newer packages. (but it is not yet implemented).

ciao
        cate
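
An added example, not part of the original message: one way to run the check on the target machine after the transfer. The function name `verify_on_target` and the manifest (md5sum text format, shipped alongside the packages) are assumptions; it falls back to `openssl md5` when `md5sum` is absent and says so when the target has no md5 tool at all.

```shell
#!/bin/sh
# Verify transferred packages on the target machine (added example).
# Manifest format is md5sum's text format: "<32 hex digits>  <filename>".
#
# verify_on_target MANIFEST DIR
#   returns 0 if every listed file matches,
#           1 if any listed file is missing or corrupted,
#           2 if the target has no md5 tool, so nothing could be checked.
verify_on_target() {
    manifest=$1
    dir=$2

    # Pick whichever md5 implementation the target actually has.
    if command -v md5sum >/dev/null 2>&1; then
        md5_of() { md5sum < "$1" | cut -d' ' -f1; }
    elif command -v openssl >/dev/null 2>&1; then
        # Output looks like "MD5(stdin)= <hash>" or "(stdin)= <hash>".
        md5_of() { openssl md5 < "$1" | sed 's/^.*= *//'; }
    else
        echo "no md5 tool on target, cannot verify" >&2
        return 2
    fi

    status=0
    while read -r want name; do
        [ -n "$name" ] || continue          # skip blank or malformed lines
        file=$dir/$name
        if [ ! -f "$file" ]; then
            # An interrupted transfer may leave the file absent entirely.
            echo "MISSING $name" >&2
            status=1
            continue
        fi
        got=$(md5_of "$file")
        if [ "$got" != "$want" ]; then
            echo "CORRUPT $name" >&2
            status=1
        fi
    done < "$manifest"
    return $status
}
```

A match here only shows the file survived transport intact; a manifest that travels with the packages can be replaced along with them, which is why the anti-trojan case needs package signatures.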

