Re: packages without .md5sums file?

To: debian-devel@lists.debian.org
Subject: Re: packages without .md5sums file?
From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
Date: Sun, 29 Jul 2001 14:42:26 +0200
Message-id: <[🔎] 20010729144226.D464@212.23.136.22>
In-reply-to: <[🔎] 20010729095915.M23974@seteuid.getuid.de>
References: <[🔎] 200107271053.f6RArHlc024626@dizzy.dz.net> <[🔎] 20010727130737.D30465@wiggy.net> <[🔎] 20010727204929.F702@212.23.136.22> <[🔎] 20010727210955.B2998@wiggy.net> <[🔎] 20010728011156.A105@212.23.136.22> <[🔎] 20010728124913.K23974@seteuid.getuid.de> <[🔎] 20010728152017.D1170@212.23.136.22> <[🔎] 20010728163329.B11977@wiggy.net> <[🔎] 20010728165624.A2526@212.23.136.22> <[🔎] 20010729095915.M23974@seteuid.getuid.de>

On Sun, Jul 29, 2001 at 09:59:15AM +0200, Christian Kurz wrote:
> Wait, if your system has been attacked, then you shouldn't just trust
> the output of a tool that calculates md5sum for the installed binaries
> and compare them to a list stored somewhere.

That's what I said.  I got the impression that this is part of Wicherts
idea.

> > the files in the packages on the CD have the checksums precalculated,
> > the verification is faster and easier to perform regularly.
> 
> And who gurantees you that the checksums on the CD are correct?

The packages are signed.  The whole release will be signed, as far as I
know.  So I can verify these signatures and know they are the official
Debian CD images.

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' Debian http://www.debian.org brinkmd@debian.org
Marcus Brinkmann              GNU    http://www.gnu.org    marcus@gnu.org
Marcus.Brinkmann@ruhr-uni-bochum.de
http://www.marcus-brinkmann.de

Reply to:

Follow-Ups:
- Re: packages without .md5sums file?
  - From: Wichert Akkerman <wichert@wiggy.net>

References:
- packages without .md5sums file?
  - From: Massimo Dal Zotto <dz@cs.unitn.it>
- Re: packages without .md5sums file?
  - From: Wichert Akkerman <wichert@wiggy.net>
- Re: packages without .md5sums file?
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: packages without .md5sums file?
  - From: Wichert Akkerman <wichert@wiggy.net>
- Re: packages without .md5sums file?
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: packages without .md5sums file?
  - From: Christian Kurz <shorty@debian.org>
- Re: packages without .md5sums file?
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: packages without .md5sums file?
  - From: Wichert Akkerman <wichert@wiggy.net>
- Re: packages without .md5sums file?
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: packages without .md5sums file?
  - From: Christian Kurz <shorty@debian.org>

Prev by Date: RE: Oracle 8.1.6, 8.1.7 on Debian
Next by Date: Re: packages without .md5sums file?
Previous by thread: Re: packages without .md5sums file?
Next by thread: Re: packages without .md5sums file?
Index(es):
- Date
- Thread