Thank You for Your time and answer, Johannes: > This is to be expeced. The md5sum is not part of the package. dpkg -S > searches files belonging to a software package, not files that contain > the signature of the package.
> What does 'll /var/lib/dpkg/info/ace-of-penguins.md5sums' yield > (assuming that you have the package ace-of-penguins installed)? I have no the package installed. What is the ll command do? > > How I can find out from whence the file has come? > > Probably not at all. Your files will have the same md5sums no matter > from where you've got the package (ie. it does not matter, if the > package is from your DVD someone else's dvd or from some server over the > internet, as long as the integrity of the files is ok (ie. md5sums). > > To verify you could try 'debsums ace-of-penguins' Actually, all I wanted here was to find out from which package come the md5sums for each package - to understand how the check process works. I want to know, if I can check the integrity of a downloaded package through FTP and not apt-get. - For if a check sum comes w/ the package - then I can not trust it. If the sums come apart, then, can I: . download and install the package; . trustworthy run debsums for every package to a check sum filed DVD - to know that the packages are safe? -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
