Re: Trust in the Debian Build Process

["James R. Van Zandt" <jrv@vanzandt.mv.com>]

Marc Singer <elf@netcom.com> writes:
>...read errors on the system drive corrupt system binaries until
>unexplained errors are noticed by the operator.  
>
>The first step to a solution is to sign or checksum the system
>binaries.  ITO that this is quite easy.  I'm planning to start with a
>checksum, test it, and then add signing.

Doesn't the debsums package do most of this already?

		    - Jim Van Zandt

Package: debsums
Priority: optional
Section: utils
Installed-Size: 20
Maintainer: Christoph Lameter <clameter@debian.org>
Architecture: all
Version: 1.0
Replaces: debmake
Depends: dpkg-dev
Filename: dists/unstable/main/binary-i386/utils/debsums_1.0.deb
Size: 4166
MD5sum: f58b8bdb7e23743957fca3f01ddd092a
Description: Tools to handle md5sums for installed packages
 This package contains instructions and the tools for having packages
 generate md5sums for all their files as also done by the debstd
 script of debmake. The package also contains a script to generate
 md5sum files for debian packages which do not install an md5sum
 file. The md5sum will be generated after the package is installed by
 invoking debsums_gen.
 .
 The package also allows comparing the md5sums in a .deb file with the
 current installed files by extracting the md5sums file from the .deb