[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

md5sums and system integrity

Hash: SHA1

*integrity*, *not* *security*, dammit

I have the sinking feeling that some people in this forum have a hard
time understanding the distinction.

Virtually no-one wants md5sums of the files in a .deb for *security*
(as in guarding against cracking).  We'd like (we want) those md5sums
for checking system integrity (as in guarding against accidential
file/system corruption).

I admit I'm on of that pack... for two reasons:

  1. Some packages (many?  Haven't checked) already have a file with
     the md5sums in the package already.

     So... why not make it consistent over all the packages?

  2. I recently had some trouble with fetchmail on my laptop.  If
     there had been a file of md5sums, I could have checked for a
     corrupted binary quickly and easily.

     I later found the problem was fetchmail barfing when it sees '-v
     -v' as options (though the docs mentio this :-(  but still.

So... where's the problem?

Bye, J

PS: I guess there's still gonna be folks replying to this with "but
md5sums are useless for system security"... *sigh*

- -- 
Jürgen A. Erhard      eMail: jae@ilk.de      phone: (GERMANY) 0721 27326
         My WebHome: http://members.tripod.com/~Juergen_Erhard
                    "Ever wonder why the SAME PEOPLE
      make up ALL the conspiracy theories?" -- Michael K. Johnson
Version: GnuPG v0.9.7a (GNU/Linux)
Comment: For info see http://www.gnupg.org


Reply to: