Re: packages without .md5sums file?
On Sun, Jul 29, 2001 at 09:59:15AM +0200, Christian Kurz wrote:
> Wait, if your system has been attacked, then you shouldn't just trust
> the output of a tool that calculates md5sum for the installed binaries
> and compare them to a list stored somewhere.
That's what I said. I got the impression that this is part of Wicherts
idea.
> > the files in the packages on the CD have the checksums precalculated,
> > the verification is faster and easier to perform regularly.
>
> And who gurantees you that the checksums on the CD are correct?
The packages are signed. The whole release will be signed, as far as I
know. So I can verify these signatures and know they are the official
Debian CD images.
Thanks,
Marcus
--
`Rhubarb is no Egyptian god.' Debian http://www.debian.org brinkmd@debian.org
Marcus Brinkmann GNU http://www.gnu.org marcus@gnu.org
Marcus.Brinkmann@ruhr-uni-bochum.de
http://www.marcus-brinkmann.de
Reply to: