On 9/22/07, Dmitry Potapov <dpotapov@xxxxxxxxx> wrote: > used to create the original file. So, if you put any .deb file in such > a system, you will get back a different .deb file (with a different SHA1). > So, aside high CPU and memory requirements, this system cannot work in > principle unless all users have exactly the same version of a compressor. Was thinking the same - compression machinery, ordering of the files, everything. It'd be a nightmare to ensure you get back the same .deb, without a single different bit. Debian packaging toolchain could be reworked to use a more GIT-like approach - off the top of my head, at least - signing/validating the "tree" of the package rather than the completed package could allow the savings in distribution you mention, decouple the signing from the compression, and simplify things like debdiff - git or git-like strategies for source packages cheers, m - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
