Package: dpkg Version: 1.14.20 Severity: minor Hi,
man 1 dpkg-deb mentions the following under "BUGS": | There is no authentication on .deb files; in fact, there isnt | even a straightforward checksum. I don't think that is a bug for the low level tool; this is handled just fine by the higher level tools like APT which include authentication and checksums. Maybe it stems from pre-APT times. As this is not a bug (anymore) and it may suggest to the casual reader that there's some kind of trust problem, I think it should be removed. Patch that does this, is attached. cheers, Thijs -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: powerpc (ppc) Kernel: Linux 2.6.25-2-powerpc Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages dpkg depends on: ii coreutils 6.10-6 The GNU core utilities ii libc6 2.7-12 GNU C Library: Shared libraries dpkg recommends no packages. Versions of packages dpkg suggests: ii apt 0.7.14 Advanced front-end for dpkg ii lzma 4.43-14 Compression method of 7z format in -- no debconf information
diff -ur dpkg-1.14.20.orig/man/de/dpkg-deb.1 dpkg-1.14.20/man/de/dpkg-deb.1 --- dpkg-1.14.20.orig/man/de/dpkg-deb.1 2008-06-18 09:41:19.000000000 +0200 +++ dpkg-1.14.20/man/de/dpkg-deb.1 2008-07-23 16:27:16.000000000 +0200 @@ -172,9 +172,6 @@ .SH FEHLER \fBdpkg\-deb \-I\fP \fIpaket1\fP\fB.deb\fP \fIpaket2\fP\fB.deb\fP macht das Falsche. -Es gibt keine Authentifizierung von \fB.deb\fP\-Dateien; in der Tat gibt es -sogar noch nicht mal eine direkte Prüfsumme. - Versuchen Sie nicht, nur mit \fBdpkg\-deb\fP Software zu installieren! Sie müssen \fBdpkg\fP selber verwenden, um sicherzustellen, dass alle Dateien an den richtigen Ort platziert werden, die Paketskripte ausgeführt werden und diff -ur dpkg-1.14.20.orig/man/dpkg-deb.1 dpkg-1.14.20/man/dpkg-deb.1 --- dpkg-1.14.20.orig/man/dpkg-deb.1 2008-01-08 18:49:54.000000000 +0100 +++ dpkg-1.14.20/man/dpkg-deb.1 2008-07-23 16:24:26.000000000 +0200 @@ -224,10 +224,6 @@ .IB package2 .deb does the wrong thing. -There is no authentication on -.B .deb -files; in fact, there isn't even a straightforward checksum. - Do not attempt to use just .B dpkg\-deb to install software! You must use diff -ur dpkg-1.14.20.orig/man/fr/dpkg-deb.1 dpkg-1.14.20/man/fr/dpkg-deb.1 --- dpkg-1.14.20.orig/man/fr/dpkg-deb.1 2008-06-18 09:41:19.000000000 +0200 +++ dpkg-1.14.20/man/fr/dpkg-deb.1 2008-07-23 16:27:28.000000000 +0200 @@ -167,9 +167,6 @@ .SH BOGUES \fBdpkg\-deb \-I\fP \fIpaquet1\fP\fB.deb\fP \fIpaquet2\fP\fB.deb\fP se trompe. -Il n'y a pas de validation des fichiers \fB.deb ;\fP en fait, il n'y a même pas -de simple somme de contrôle. - N'essayez pas d'installer un logiciel avec \fBdpkg\-deb !\fP Vous devez utiliser \fBdpkg\fP pour être sûr que tous ses fichiers sont correctement mis en place, que les scripts du paquet sont exécutés et que son contenu et son état sont diff -ur dpkg-1.14.20.orig/man/pl/dpkg-deb.1 dpkg-1.14.20/man/pl/dpkg-deb.1 --- dpkg-1.14.20.orig/man/pl/dpkg-deb.1 2008-06-18 09:41:20.000000000 +0200 +++ dpkg-1.14.20/man/pl/dpkg-deb.1 2008-07-23 16:27:39.000000000 +0200 @@ -161,9 +161,6 @@ .SH B£ÊDY \fBdpkg\-deb \-I\fP \fIpakiet1\fP\fB.deb\fP \fIpakiet2\fP\fB.deb\fP dzia³a niepoprawnie. -Brak sprawdzania autentyczno¶ci plików \fB.deb\fP. Tak naprawdê, to nawet nie -jest sprawdzana suma kontrolna archiwum. - Nie nale¿y u¿ywaæ \fBdpkg\-deb\fP do instalowania oprogramowania! Do tego celu nale¿y korzystaæ z \fBdpkg\fP, który zainstaluje poprawnie pliki i uruchomi potrzebne skrypty instalacyjne. diff -ur dpkg-1.14.20.orig/man/sv/dpkg-deb.1 dpkg-1.14.20/man/sv/dpkg-deb.1 --- dpkg-1.14.20.orig/man/sv/dpkg-deb.1 2008-06-18 09:41:20.000000000 +0200 +++ dpkg-1.14.20/man/sv/dpkg-deb.1 2008-07-23 16:27:49.000000000 +0200 @@ -161,9 +161,6 @@ .SH PROGRAMFEL \fBdpkg\-deb \-I\fP \fIpaket1\fP\fB.deb\fP \fIpaket2\fP\fB.deb\fP gör fel. -Det finns ingen autentisering i \fB.deb\fP\-filer; det finns faktiskt inte ens -en vanlig kontrollsumma. - Försök inte använda bara \fBdpkg\-deb\fP för att installera programvara! Du måste använda normala \fBdpkg\fP för att se till att alla filer läggs på korrekt plats och att paketets skript körs och dess status och innehåll
