[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: System integrity...

Chris Leishman wrote:
> 1)  Is it policy that a package must contain a DEBIAN/md5sums file?
>     (not all do). Should it be?
> 
> 2)  Is it possible to create an easily accessable copy of these md5sums
>     on the debian servers (similar to package lists, or perhaps as a .md5sums
>          to go alongside the .deb) so that people can easily verify the integrity
>          of an installation, without relying on potentially modified local versions
>          of the md5sums (as is currently used by the debsums utility).
> 
> I'll CC this to debian-policy..

I'm currently unsubscribed to -policy - I should be resubscribing soon,
when my free time increases to that amount needed to follow policy.  So
apologies if this has been covered before...  

Doesn't an md5sums file need to have file lengths to work?  I
understoood that there were known algorithms to produce a new file with
a given md5sum, if you can vary the length of the file?

Jules

-- 
/----------------+-------------------------------+---------------------\
|  Jelibean aka  | jules@jellybean.co.uk         |  6 Evelyn Rd        |
|  Jules aka     |                               |  Richmond, Surrey   |
|  Julian Bean   | jmlb2@hermes.cam.ac.uk        |  TW9 2TF *UK*       |
+----------------+-------------------------------+---------------------+
|  War doesn't demonstrate who's right... just who's left.             |
|  When privacy is outlawed... only the outlaws have privacy.          |
\----------------------------------------------------------------------/
Reply to: