
Re: (inc. note from dpkg developers) Re: Bug#XXXXXX: (far too many packages) needs rebuilt for prelinking



>>>>> "Daniel" == Daniel Jacobowitz <dan@debian.org> writes:
    Daniel> On Mon, Jan 13, 2003 at 09:42:01AM -0600, Adam Heath
    Daniel> wrote:
    >> And I certainly hope tripwire is *not* modified to support such
    >> a broken as designed system.
    >> 
    >> (the reason this is broken, is because one must run an
    >> untrusted binary to check if the file has been modified)

    Daniel> Oh, Adam, that's blatantly ridiculous.  Think about it.
    Daniel> You take whatever you do to dpkg and libc6 and tripwire in
    Daniel> order to trust them and do it with prelink also.  Then
    Daniel> it's a trusted binary.

Tripwire doesn't rely on *any* outside objects, it's built static to
explicitly avoid such issues so all you're left having to trust is the
tripwire executable itself.

As for relying on file checksums, depends what you mean by "checksum".
If SHA-1 is a checksum, then tripwire is not for you.

-- 
Stephen (tripwire maintainer)

"And what do we burn apart from witches?"... "More witches!"


