Re: bzip2 for source packages?
Hello!
In article <13626.12150.464737.43696@miles.econ.queensu.ca> you write:
> Avery> Could someone explain to me why it's so important to keep sources
> Avery> "pristine" in this sense?
>Security. Trojan horses. To be able to compare against digital footprints (eg
>md5sums) from upstream.
> Avery> I can understand not wanting to
> Avery> untar-retar the archive, but recompressing it? Who does that hurt?
>The md5sum changes.
Only if you (IMHO erroneously) take the md5 of the compressed archive.
And an MD5 itself doesn't secure you from trojans, anyway. (If I can change
the MD5ed file, I can often also change the MD5.)
Regards, Felix.
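Added example, not part of the original message: a sketch of the distinction drawn above between hashing the compressed archive and hashing the tar stream inside it. It uses SHA-256 in place of the MD5 discussed in the thread; the function names and the sample tarball are constructed for illustration.

```python
import bz2, gzip, hashlib, io, lzma, tarfile

# Magic bytes identifying each compression wrapper, with its decompressor.
_MAGIC = ((b"\x1f\x8b", gzip.decompress),
          (b"BZh", bz2.decompress),
          (b"\xfd7zXZ\x00", lzma.decompress))

def file_digest(blob, algo="sha256"):
    """Digest of the bytes as distributed; changes on recompression."""
    return hashlib.new(algo, blob).hexdigest()

def payload_digest(blob, algo="sha256"):
    """Digest of the decompressed stream (the tar), whatever the wrapper."""
    for magic, decompress in _MAGIC:
        if blob.startswith(magic):
            blob = decompress(blob)
            break
    return hashlib.new(algo, blob).hexdigest()

def make_sample_tar():
    """Constructed sample: a one-file tar with fixed metadata."""
    data = b"int main(void) { return 0; }\n"
    info = tarfile.TarInfo("hello-1.0/main.c")
    info.size, info.mtime = len(data), 0
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def recompress_gz_to_bz2(gz_blob):
    """Recompress only: the tar stream is not unpacked or rebuilt."""
    return bz2.compress(gzip.decompress(gz_blob))

if __name__ == "__main__":
    upstream = gzip.compress(make_sample_tar(), mtime=0)
    repacked = recompress_gz_to_bz2(upstream)
    print("file digest equal:   ", file_digest(upstream) == file_digest(repacked))
    print("payload digest equal:", payload_digest(upstream) == payload_digest(repacked))
```
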