[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

experimental system for per-file checksums

I was one of the people originally opposed to per-file checksums for
binary pacakges.  Now that they've been decided upon by fiat power,
I'd like to at least see them implemented in a non-obtrusive fashion.
In particular, I'm hoping to see a per-file checksum system that, like
tripwire, is:

 * invisible to the developer
 * secure against tampering
 * independent of the rest of the packaging system
 * optional to the end user and installable at any time

Accordingly, I've uploaded a proposal and proof-of-concept
implementation for a per-file checksum system that I believe to
possess the above four characteristics to

The proposal could be all wet --- I haven't given it anywhere near the
rigorous security review it deserves --- but if not, I think it oculd
make a decent starting point for a decent and non-intrusive per-file
checksum system.

I'd appreciate it if interested parties could take a look at the
proposal (it installs HTML-format documentation in /usr/doc/dpkgcert),
and get back to me with any comments they might have.

 - Klee

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to: