• Question about package compression

    From William Richards #SaveOurInternet@3:633/10 to All on Tuesday, February 24, 2026 09:20:01
    Does a package only get compressed when it is updated or when the
    compressor used to compress it (e.g. Zstandard, XZ, etc.) is updated?
    I'm hoping this is only the case if the program itself gets updated
    because this would decrease the chance of exploits and backdoors.
    I'm asking this for a friend and they're extremely scared about this
    kind of thing.


    --- PyGate Linux v1.5.12
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
  • From Dan Ritter@3:633/10 to All on Tuesday, February 24, 2026 11:50:01
    William Richards #SaveOurInternet wrote:
    > Does a package only get compressed when it is updated or when the
    > compressor used to compress it (e.g. Zstandard, XZ, etc.) is updated?
    > I'm hoping this is only the case if the program itself gets updated
    > because this would decrease the chance of exploits and backdoors.
    > I'm asking this for a friend and they're extremely scared about this
    > kind of thing.


    I'm not sure of the exact question you are asking, so let me
    explain a couple of things and you could ask further questions.

    A Debian package is a particular kind of file archive: a file
    that stores other files within itself, in a way which allows the
    complete retrieval of the original other files.

    You can read about the format with the command

    $ man ar

    You can inspect the properties of a specific .deb package (or
    any other kind of file) with the file command. Here's an example
    of the information it will tell you:

    $ file maptool-1.7.0.deb
    maptool-1.7.0.deb: Debian binary package (format 2.0),
    with control.tar.xz ,
    data compression xz

    So this particular .deb package has the XZ compression method
    used on it. That method was set at the time the file was
    written.

    For any file that you or anyone else compresses, the resulting
    compressed file is written to some kind of storage and we expect
    it not to change after that unless deliberately written again.

    In fact, Linux has several ways of writing files to storage,
    each with various goals. The most common filesystem, ext4fs,
    aims for a balance of features, performance, and general
    structural integrity. If it gets damaged a little, the system as
    a whole should keep running, even if files are lost.

    Other filesystems have goals like "compatibility with other
    systems" or "performance" as their highest ideal. There are
    some, like ZFS, which prioritize "data integrity" as their top
    goal. ZFS doesn't just write your data: it calculates integrity
    codes for each file, stores the integrity information, and
    re-verifies it on every read. If you give it multiple disks, it
    can write the same file on multiple disks in a variety of ways
    so that your files will survive the loss of one, two, or three
    disks simultaneously.

    But in all cases, once a file is written, whether it is
    compressed or not, we expect to read back the same information
    that we wrote. Anything else constitutes an error of some kind,
    hopefully to be detected and in some cases corrected.

    -dsr-

    --- PyGate Linux v1.5.12
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)
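The post above describes a .deb as an ar archive whose members (debian-binary, control.tar.*, data.tar.*) record the compression that was chosen when the package was written. The following is an added example, not code from the thread or from dpkg: it builds a small .deb in memory (constructed sample content, with a hypothetical "hello" package), then parses the ar container and reports the data compression the way `file` does. Instead of trusting the member name's extension alone, it sniffs the compressor's magic bytes and flags any member whose name says one thing and whose bytes say another, which is the check a practitioner would want before handing the archive to a decompressor. Function names such as `describe_deb` and `build_deb` are this example's own.

```python
import io
import tarfile

AR_MAGIC = b"!<arch>\n"          # global header of the ar format (see man ar)
COMPRESSOR_MAGIC = {             # leading bytes of each container, most specific first
    b"\xfd7zXZ\x00": "xz",
    b"\x28\xb5\x2f\xfd": "zstd",
    b"\x1f\x8b": "gzip",
    b"BZh": "bzip2",
}
EXT_TO_ALGO = {".xz": "xz", ".zst": "zstd", ".gz": "gzip", ".bz2": "bzip2", "": "none"}
ALGO_TO_TARMODE = {"xz": "w:xz", "gzip": "w:gz", "bzip2": "w:bz2", "none": "w"}


def ar_entry(name: bytes, data: bytes) -> bytes:
    """One ar member: 60-byte fixed-width ASCII header, data, pad to even length."""
    if len(name) > 16:
        raise ValueError("ar member name longer than 16 bytes")
    header = (name.ljust(16) + b"0".ljust(12) + b"0".ljust(6) + b"0".ljust(6)
              + b"100644".ljust(8) + str(len(data)).encode().ljust(10) + b"`\n")
    assert len(header) == 60
    return header + data + (b"\n" if len(data) % 2 else b"")


def build_tar(files: dict, compress: str = "xz") -> bytes:
    """Tar the given {path: bytes} mapping with the requested compressor (mtime fixed at 0)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode=ALGO_TO_TARMODE[compress]) as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(content)
            info.mtime = 0
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def build_deb(control: bytes, data_files: dict, compress: str = "xz", label: str = None) -> bytes:
    """Assemble a format-2.0 .deb. `label` lets a test mislabel the member name on purpose."""
    ext = {v: k for k, v in EXT_TO_ALGO.items()}[label or compress].encode()
    return (AR_MAGIC
            + ar_entry(b"debian-binary", b"2.0\n")
            + ar_entry(b"control.tar" + ext, build_tar({"./control": control}, compress))
            + ar_entry(b"data.tar" + ext, build_tar(data_files, compress)))


def parse_ar(blob: bytes) -> list:
    """Walk the ar archive and return [(member_name, member_bytes), ...], refusing truncated input."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    pos, members = len(AR_MAGIC), []
    while pos < len(blob):
        hdr = blob[pos:pos + 60]
        if len(hdr) < 60 or hdr[58:60] != b"`\n":
            raise ValueError("truncated or malformed ar member header")
        name = hdr[0:16].rstrip().decode("ascii").rstrip("/")   # GNU ar appends '/', dpkg does not
        size = int(hdr[48:58])
        data = blob[pos + 60:pos + 60 + size]
        if len(data) != size:
            raise ValueError("truncated ar member %r" % name)
        members.append((name, data))
        pos += 60 + size + (size % 2)                           # members start on even offsets
    return members


def sniff_compression(data: bytes) -> str:
    """Identify the compressor from the member's leading bytes, or 'none' for a bare tar."""
    for magic, algo in COMPRESSOR_MAGIC.items():
        if data.startswith(magic):
            return algo
    return "none" if data[257:262] == b"ustar" else "unknown"


def describe_deb(blob: bytes) -> dict:
    """Report format version, member names and actual compression; list members whose name lies."""
    members = parse_ar(blob)
    if not members or members[0][0] != "debian-binary":
        raise ValueError("first ar member must be debian-binary")
    report = {"format": members[0][1].decode("ascii").strip(), "mismatches": []}
    for name, data in members[1:]:
        for kind in ("control", "data"):
            if name.startswith(kind + ".tar"):
                claimed = EXT_TO_ALGO.get(name[len(kind + ".tar"):], "unknown")
                actual = sniff_compression(data)
                report[kind + "_member"], report[kind + "_compression"] = name, actual
                if claimed != actual:
                    report["mismatches"].append(name)
    return report


# Constructed sample input: a hypothetical one-file "hello" package, not a real Debian package.
SAMPLE_CONTROL = b"Package: hello\nVersion: 1.0\nArchitecture: all\n"
SAMPLE_FILES = {"./usr/bin/hello": b"#!/bin/sh\necho hello\n"}

if __name__ == "__main__":
    good = build_deb(SAMPLE_CONTROL, SAMPLE_FILES, compress="xz")
    print(describe_deb(good))
    # A member named data.tar.xz that actually holds gzip data is reported as gzip and flagged.
    print(describe_deb(build_deb(SAMPLE_CONTROL, SAMPLE_FILES, compress="gzip", label="xz")))
```

The point of sniffing magic bytes is that the member name is just a string in the ar header; the compression method that was "set at the time the file was written" lives in the member's own bytes, and a parser that trusts only the extension can be steered into the wrong decompressor. The same module can be pointed at a real package with `describe_deb(open("pkg.deb", "rb").read())` to cross-check what `file` reports.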
  • From Andy Smith@3:633/10 to All on Tuesday, February 24, 2026 16:00:01
    Hi,

    On Tue, Feb 24, 2026 at 07:58:40AM +0000, William Richards #SaveOurInternet wrote:
    > Does a package only get compressed when it is updated or when the
    > compressor used to compress it (e.g. Zstandard, XZ, etc.) is updated?
    > I'm hoping this is only the case if the program itself gets updated
    > because this would decrease the chance of exploits and backdoors.
    > I'm asking this for a friend and they're extremely scared about this
    > kind of thing.

    This is like a game of Telephone; what you've written does contain words
    but in a sequence that doesn't make a lot of sense to me. It's pointless
    trying to answer it because even if we do happen to hit on the correct
    interpretation then whatever gets passed back to your friend probably
    isn't going to resemble what was said here.

    I suggest your friend does their own research if they have concerns.

    Thanks,
    Andy

    --
    https://bitfolk.com/ -- No-nonsense VPS hosting

    --- PyGate Linux v1.5.12
    * Origin: Dragon's Lair, PyGate NNTP<>Fido Gate (3:633/10)