In article <19990623161151.A1560@ormond.unimelb.edu.au> you write:

> Each package can contain a DEBIAN/md5sums file. This is normally saved
> into /var/lib/dpkg/info on the local machine. What I propose is to
> instead extract this information during dinstall, and save it to a
> <package>-<version>.md5sums file, to live alongside the .deb on the debian
> ftp server. (Alternatively, they could be collected into 1 file, like
> the package list).
>
> A version of debsums could then be implemented to connect to the debian
> server (or trusted mirror) and use these .md5sums files to verify the
> majority of the files on a system. The debsums utility could also be
> moved to a boot disk, to guarantee secure operation given a potentially
> damaged machine.

Here are my suggestions - I hope this makes sense to someone:

1. Somebody else recently said (on this mailing list) that md5sums can be
   "faked" by increasing the length of the file. Hence I would store the
   file length in the md5sum file (like with the *.changes file and *.dsc
   file).

2. I would also get the maintainer/uploader to sign the file using
   PGP/GPG...

3. This file would also need to contain entries for files in DEBIAN/*
   (otherwise somebody could put rm -rf / in the preinst routine and
   nothing else would matter).

4. Also, I probably would separate config files from non-config files, so
   you can check the security of the binaries when installed without a lot
   of errors about the changed config files.

I previously said something like this here on this mailing list, but
nobody replied. Does that mean I messed up sending the message?

-- 
Brian May <bam@snoopy.apana.org.au>
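Suggestions 1 and 4 above, sketched as an added example that is not part of the original message or of debsums. The manifest line format `<md5> <size> <kind> <path>`, the kind letters and all function names are assumptions made for illustration, the sample tree is constructed, and the manifest is assumed to have been signature-checked (suggestion 2) before it is parsed.

```python
import hashlib
import os
import tempfile

def parse_manifest(text):
    """Parse '<md5> <size> <kind> <path>' lines (assumed format); kind: 'c' conffile, 'f' other."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split(None, 3)
        if (len(parts) != 4 or len(parts[0]) != 32 or not parts[1].isdigit()
                or parts[2] not in ("c", "f")):
            raise ValueError(f"manifest line {n} is malformed")
        digest, size, kind, path = parts
        # Refuse absolute paths and '..' so an entry cannot point outside the root.
        if os.path.isabs(path) or ".." in path.split("/"):
            raise ValueError(f"manifest line {n}: unsafe path")
        entries.append((digest.lower(), int(size), kind, path))
    return entries

def verify(root, entries):
    """Check recorded length, then digest; changed conffiles are reported separately."""
    report = {"ok": [], "conffile_changed": [], "failed": []}
    for digest, size, kind, path in entries:
        full = os.path.join(root, path)
        try:
            good = os.path.getsize(full) == size  # cheap length check first
            if good:
                with open(full, "rb") as fh:
                    good = hashlib.md5(fh.read()).hexdigest() == digest
        except OSError:
            good = False  # a missing or unreadable file counts as a mismatch
        bucket = "ok" if good else ("conffile_changed" if kind == "c" else "failed")
        report[bucket].append(path)
    return report

def demo():
    """Constructed tree: one intact binary, one edited conffile, one altered binary."""
    original = {"usr/bin/tool": (b"\x7fELF-sample", "f"),
                "etc/tool.conf": (b"color=no\n", "c"),
                "usr/bin/other": (b"#!/bin/sh\nexit 0\n", "f")}
    manifest = "\n".join(f"{hashlib.md5(d).hexdigest()} {len(d)} {k} {p}"
                         for p, (d, k) in original.items())
    with tempfile.TemporaryDirectory() as root:
        for p, (d, _) in original.items():
            os.makedirs(os.path.dirname(os.path.join(root, p)), exist_ok=True)
            with open(os.path.join(root, p), "wb") as fh:
                fh.write(d)
        for p in ("etc/tool.conf", "usr/bin/other"):  # changes made after install
            with open(os.path.join(root, p), "ab") as fh:
                fh.write(b"# edited\n")
        return verify(root, parse_manifest(manifest))
```
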