Re: How reliable is "debsums"?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Justin Ryan wrote:
> Use both! One advantage of debsums is that you can compare md5sums
> against a package, rather than just the system db. If you fear that
> something may have been modified, you can download the .deb file and
> bypass anything that an attacker could modify. Of course, the debsums
> binary could be modified to never report that anything has changed, but
> every little bit helps..
This isn't really reliable, because many important packages lack
md5sums. AFAIR it is optional to generate the md5sums in packages.
- - Alexander
- --
"fighting for peace is like fucking for virginity"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQE9kYSxFBE43aPkXWYRAn+sAJ93CgkgTYxI/nLRAWfXLQvDt+dxywCfVEWb
04jukmfaQ7bey0kHGEnM3y4=
=y/CA
-----END PGP SIGNATURE-----
Reply to: