Hello, On Thu, Aug 13, 2009 at 09:23:23AM +0200, Joerg Jaspert wrote: > On 11841 March 1977, Nicolas François wrote: > > >> which should be easy enough to output. When such an output file is > >> configured, the descriptions should no longer get written to the > >> Packages files. > > I'm not sure that will be sufficient, unless the Description-md5 field is > > added to the Packages file. > > The system needs a way to detect when a description changes. > > That should be doable. > > >> (Sidenote: Can we PLEASE DROP MD5 when we are going to work on it?) > > Now, if we want to remove the MD5, we need to introduce another way to map > > descriptions to actual packages. > > This could be done with the package's version. > > Think like s/md5/sha256/ or so :)
That should be doable;) Note that the probability of a collision (Description are controlled by trusted people), and the consequences of a collision (a wrong long description is displayed), do not make me too afraid of using MD5. It might be good to isolate the description/translations from different APT sources (which might already be the case, I did not check), but if I give enough trust in an archive so that I put it in my sources.list, something much harmful than just a wrong translation could occur. Kind Regards, -- Nekral -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
