Binary diffs for deb files
John Nilsson
john at milsson.nu
Fri May 5 20:12:00 BST 2006
On Fri, 2006-05-05 at 17:20 +0100, James Hall wrote:
> Hi John,
>
> The deb format already contains md5sums of each individual file, and
> since the entire package is signed, this is also signed. You can find it
> by extracting a deb file and looking in control for the file named
> 'md5sums'.
Ok, good to know, I hadn't been looking too hard for it yet =)
In any case. Still, why not be content with signing that? Extracting
that file shouldn't impose that much additional work to verify a
package. And then the package would be totally independent of how it's
stored or transferred.
Regards,
John
More information about the ubuntu-devel
mailing list