md5sums and system integrity
-----BEGIN PGP SIGNED MESSAGE-----
*integrity*, *not* *security*, dammit
I have the sinking feeling that some people in this forum have a hard
time understanding the distinction.
Virtually no-one wants md5sums of the files in a .deb for *security*
(as in guarding against cracking). We'd like (we want) those md5sums
for checking system integrity (as in guarding against accidential
I admit I'm on of that pack... for two reasons:
1. Some packages (many? Haven't checked) already have a file with
the md5sums in the package already.
So... why not make it consistent over all the packages?
2. I recently had some trouble with fetchmail on my laptop. If
there had been a file of md5sums, I could have checked for a
corrupted binary quickly and easily.
I later found the problem was fetchmail barfing when it sees '-v
-v' as options (though the docs mentio this :-( but still.
So... where's the problem?
PS: I guess there's still gonna be folks replying to this with "but
md5sums are useless for system security"... *sigh*
Jürgen A. Erhard eMail: firstname.lastname@example.org phone: (GERMANY) 0721 27326
My WebHome: http://members.tripod.com/~Juergen_Erhard
"Ever wonder why the SAME PEOPLE
make up ALL the conspiracy theories?" -- Michael K. Johnson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.7a (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----