Felipe Figueiredo ([EMAIL PROTECTED]) wrote on 25 October 2008 07:09: >On Saturday 25 October 2008 00:20:46 Alexander Konovalenko wrote: >> On Sat, Oct 25, 2008 at 02:33, Kees Cook <[EMAIL PROTECTED]> wrote: >> > [...] >> > >> > Additionally, it doesn't matter -- it's just the md5 in the email >> > announcement. The Release and Packages files for the archive have SHA1 >> > and SHA256. The md5 from the announcement is almost not important, >> > IMO -- no one should download files individually from the announcement. >> >> If no one should download files individually from the announcement, >> there's no point in including that long list of package URLs and >> hashes in the announcements at all. It would be enough to say, "Please >> use apt or your favorite package manager to download the packages for >> your system." > >+1 > >This is not the first time this subject "collides" in this list, but I don't >remember seeing a justification for such a long array of information I never >understoo the use for. > >While I see the point of having an independent source for confirmation in >case >of panic, if the Release and Package files are to be trusted, it seems the >version of the package should be enough, right? > >Can anyone please explain why that long list of links and filenames is >interesting, or point to a link that does?
I use it to find out the package names to update, and sometimes the version. Often a piece of software spreads through several packages, or is packaged as a lib, or has some other change in the name. Of course this doesn't apply to stable, where users should just use apt-get upgrade. For unstable more caution is necessary. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
