
Re: md5 package summaries on ftp server (was Re: System integrity)



On Wed, Jun 23, 1999 at 07:11:36PM +1000, Brian May wrote:
> 
> Here are my suggestions - I hope this makes sense to someone:
> 
> 1. Somebody else recently said (on this mailing list) that md5sums can
> be "faked" by increasing the length of the file. Hence I would store the
> file length in the md5sum file (like with the *.changes file and *.dsc
> file).

I still haven't seen any evidence of this...

> 
> 2. I would also get the maintainer/uploader to sign the file using
> PGP/GPG...

Ideally - yes.  Practically - no.  I am talking about a "quick" enhancement
to the Debian ftp sites and package system.  It is a task of simply extracting
the DEBIAN/md5sums file (or generating if needs be) for each package and
putting it in a separate file on the ftp server.  This will just make
checking binary integrity a whole lot nicer and more secure.

> 
> 3. This file would also need to contain entries for files in DEBIAN/*
> (otherwise somebody could put rm -rf / in the preinst routine and
> nothing else would matter).

Yes - of course.  But that is why the .dsc files (which contain an md5 of the
package file) are signed by the maintainer, and apt et al should ideally check 
these signatures when downloading...  And besides - the security of the ftp
server, etc, is not the issue.  If we are going to worry about that there
needs to be a big overhaul of the system.  Let's face it - most people are
going to have to trust the ftp server...

> 
> 4. Also, I probably would separate config files from non-config files,
> so you can check the security of the binaries when installed without a
> lot of errors about the changed config files.

At the moment a DEBIAN/md5sums file ignores config files.  Ideally we should
have some way to check them - but practically...no.  Like I said, this is
just an enhancement of an existing system - not a full blown "solution" to
the world's problems.


Chris




-- 
----------------------------------------------------------------------
       As a computer, I find your faith in technology amusing.
----------------------------------------------------------------------
Reply with subject 'request key' for PGP public key.  KeyID 0xA9E087D5
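
The check discussed in this message, as an added example that is not part of the original post and not Debian's own tooling: verify an unpacked file tree against a detached listing in md5sum output format, and report the files the listing does not cover, which is where config files end up. The tree, file names and listing are constructed for the example.

```python
import hashlib
import os
import tempfile

def parse_md5sums(text):
    """Parse md5sum-style lines ('<hex digest>  <relative path>') into a dict."""
    entries = {}
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        digest, path = line.split(None, 1)
        entries[path.lstrip("*")] = digest.lower()  # '*' marks binary mode
    return entries

def md5_of(path):
    with open(path, "rb") as f:
        return hashlib.md5(f.read()).hexdigest()

def verify_tree(root, md5sums_text):
    """Compare files under root with the listing; also report files it does not cover."""
    expected = parse_md5sums(md5sums_text)
    report = {"ok": [], "modified": [], "missing": [], "unlisted": []}
    for rel, digest in sorted(expected.items()):
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            report["missing"].append(rel)
        else:
            report["ok" if md5_of(full) == digest else "modified"].append(rel)
    on_disk = {os.path.relpath(os.path.join(d, n), root).replace(os.sep, "/")
               for d, _, names in os.walk(root) for n in names}
    report["unlisted"] = sorted(on_disk - set(expected))  # e.g. config files
    return report

def demo():
    """Constructed tree: one file altered, one missing, one config file unlisted."""
    files = {"usr/bin/hello": b"#!/bin/sh\necho hello\n",
             "usr/share/doc/hello/README": b"docs\n",
             "etc/hello.conf": b"greeting=hello\n"}
    listing = "".join(f"{hashlib.md5(d).hexdigest()}  {r}\n"
                      for r, d in files.items() if not r.startswith("etc/"))
    listing += "d41d8cd98f00b204e9800998ecf8427e  usr/bin/gone\n"  # listed, not installed
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        with open(os.path.join(root, "usr/bin/hello"), "ab") as f:
            f.write(b"# altered after install\n")
        return verify_tree(root, listing)

print(demo())
```

The listing is only as trustworthy as the place it was fetched from, which is why the thread ties it back to signed files.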

