[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: md5sums (was Re: System integrity...)

On Sun, Jun 13, 1999 at 03:46:42AM +0200, Martin Bialasinski wrote:
> CL> What is the criteria that determines which packages get .md5sums
> CL> files stored in /var/lib/dpkg/info/ ??
> The file is created during debian/rules binary by dh_md5sums or other
> means.

Yes...but I wasn't sure if there was policy requirement for this or not(?).
Or is it just "a good thing"(TM)?

Would it be difficult to extract the md5 information from a debian package
to store in a seperate record on a debian server (similar to package info
stored in the package lists)?  We could then enhance debsums to download and
use these records (which would hopefully be free from corruption/error).

This would be particularily usefull for people who want to verify installations
that have been "hacked" (similar to the way tripwire requires a database
on read-only media).  Having .md5sums on the local system isn't overly usefull
for this, as they could be as easily modified as any system binaries.

Just a thought....


       As a computer, I find your faith in technology amusing.
Reply with subject 'request key' for PGP public key.  KeyID 0xA9E087D5

Reply to: