On 01-07-28 Marcus Brinkmann wrote:
> On Fri, Jul 27, 2001 at 09:09:55PM +0200, Wichert Akkerman wrote:
> > Previously Marcus Brinkmann wrote:
> > > Can you elaborate on the advantage of letting everyone generate their own
> > > checksums for the installed files? Seems to me a waste of cpu cycles.
> > We process all the data in a pipe anyway so calculating the checksum
> > takes no effort. Benefits are we don't need to store them on lots of mirrors
> > (space saving), it's more configurable (specify which checksums you want),
> > it's more flexible (easily add new checksums without changing the archive).
> I think that the checksums should be in the package, and burned on CDs along
> with the package, so you can verify them more easily. Creating them by
> an untrusted system, and storing them on writable media (even temporarily)
> is a process which is difficult to harden.
But, our packages are not only available burned on CD, but from lots of
ftp servers, where they are located on a writable media, called hard
disk. So, the packages can still be modified and a checksum changed so
that you won't notice it. Also you forget that the package and the
md5sum are generated on a system about which you have absolutely no
information and can't make any assumption about it's security and if
it's trustworthy or not. So, I find your argumentation above absolutely
not legaly, as you are not looking at the whole problem.
Christian
--
Debian Developer (http://www.debian.org)
1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
Attachment:
pgpTnx4BDnGqu.pgp
Description: PGP signature