On 01-07-28 Marcus Brinkmann wrote:
> On Fri, Jul 27, 2001 at 09:09:55PM +0200, Wichert Akkerman wrote:
> > Previously Marcus Brinkmann wrote:
> > > Can you elaborate on the advantage of letting everyone generate their own
> > > checksums for the installed files? Seems to me a waste of cpu cycles.
> >
> > We process all the data in a pipe anyway so calculating the checksum
> > takes no effort. Benefits are we don't need to store them on lots of mirrors
> > (space saving), it's more configurable (specify which checksums you want),
> > it's more flexible (easily add new checksums without changing the archive).
>
> I think that the checksums should be in the package, and burned on CDs along
> with the package, so you can verify them more easily. Creating them by
> an untrusted system, and storing them on writable media (even temporarily)
> is a process which is difficult to harden.

But, our packages are not only available burned on CD, but from lots of ftp
servers, where they are located on a writable media, called hard disk. So, the
packages can still be modified and a checksum changed so that you won't
notice it.

Also you forget that the package and the md5sum are generated on a system
about which you have absolutely no information and can't make any assumption
about its security and if it's trustworthy or not.

So, I find your argumentation above absolutely not legaly, as you are not
looking at the whole problem.

Christian

--
Debian Developer (http://www.debian.org)
1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
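Added example, not part of the original message and not dpkg's code: a sketch of generating checksums in the same pass that unpacks an archive, with the set of algorithms chosen by the installer, as described in the quoted text. The function names, the `sink` hook (standing in for the write to disk) and the sample archives are constructed for illustration.

```python
import hashlib
import io
import tarfile

def build_archive(files):
    """Constructed sample: pack {name: bytes} into an in-memory tar stream."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

def unpack_with_checksums(stream, algorithms=("md5",), sink=None, chunk=65536):
    """Read a tar stream once and hash each regular file as its bytes pass by.

    sink(name, block) is a hypothetical hook standing in for the disk write.
    Returns {name: {algorithm: hexdigest}}.
    """
    sums = {}
    # Mode "r|" treats the input as a non-seekable pipe: strictly one pass.
    with tarfile.open(fileobj=stream, mode="r|") as tar:
        for member in tar:
            if not member.isfile():
                continue
            hashers = {a: hashlib.new(a) for a in algorithms}
            src = tar.extractfile(member)
            for block in iter(lambda: src.read(chunk), b""):
                for h in hashers.values():
                    h.update(block)
                if sink:
                    sink(member.name, block)
            sums[member.name] = {a: h.hexdigest() for a, h in hashers.items()}
    return sums

if __name__ == "__main__":
    # Constructed inputs: the same path with two different contents.
    original = {"usr/bin/hello": b"#!/bin/sh\necho hello\n"}
    tampered = {"usr/bin/hello": b"#!/bin/sh\necho changed\n"}
    for label, files in (("original", original), ("tampered", tampered)):
        print(label, unpack_with_checksums(build_archive(files), ("md5", "sha1")))
```

Both archives unpack without error and each yields its own checksums: values generated this way record what was installed and can show later changes to the installed files, but they say nothing about whether the archive was altered before it arrived.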