[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: System integrity...

Chris Leishman wrote:
> What I propose is to extend the security of Debian.  I do not propose an
> "ultimate security solution", but simply a method to increase the security
> debian offers to users.  The proposal is as follows:
> 
> 
>   Each package can contain a DEBIAN/md5sums file.  This is normally saved
>   into /var/lib/dpkg/info on the local machine.  What I propose is to
>   instead extract this information during dinstall, and save is to a
>   <package>-<version>.md5sums file, to live alongside the .deb on the debian
>   ftp server.  (Alternatively, they could be collected into 1 file, like
>   the package list).

I'm not tracking this proposal on the weekly policy summary because as far
as I can see, it has nothing to do with policy per se, it's stricly a debian
mirror thing.

If people disagree with me on this, I'll be happy to track it.

>   A version of debsums could then be implemented to connect to the debian
>   server (or trusted mirror) and use these .md5sums files to verify the
>   majority of the files on a system.  The debsums utility could also be
>   moved to a boot disk, to guarantee secure operation given a potentially
>   damaged machine.

It's worth noting (as I have before) that Jim Dennis (some may know his from
linux gazette as the "answer guy" was/is/may be working on something
similar. His idea was to simply compare a debian cd against the install
system, checking md5sums. It gains you about the same things.

-- 
see shy jo
Reply to: