
Re: packages without .md5sums file?



Hello,

In a recent wave of paranoia I ran into the problem of file
verification. And surprise, surprise - the same topic was
raised on debian-devel.

What I think is necessary is a signature on md5sums. There's
a signature in the *.deb files but those are usually gone
after installation. If there were <package>.md5sign or
something like that with a signature for md5sums, this would
be quite enough to verify files from the package.

In the event you don't trust any of the programs on the
computer, just boot from the trusted CD, verify the signature
on debian-keyring through the net and the rest of the
verification can be done locally.

This also means that md5sums and a signature for it should
be provided with a package.

Igor (a Debian user)
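
The check proposed in the message above, sketched as an added example (not part of the original post and not Debian's own tooling): run from trusted media, it accepts a package's md5sums list only if a detached signature over it verifies, then compares the installed files under the mounted root. The `.md5sign` file is the hypothetical one named in the post; the function names, the use of `gpgv`, and the keyring path are assumptions.

```python
import hashlib
import subprocess
from pathlib import Path


def signature_ok(md5sums: Path, sig: Path, keyring: Path) -> bool:
    """True only if gpgv accepts `sig` as a detached signature over `md5sums`."""
    try:
        result = subprocess.run(
            ["gpgv", "--keyring", str(keyring), str(sig), str(md5sums)],
            capture_output=True,
        )
    except FileNotFoundError:  # gpgv not on the trusted medium: fail closed
        return False
    return result.returncode == 0


def check_md5sums(root: Path, md5sums: Path) -> dict:
    """Compare files under `root` with dpkg-style lines '<md5hex>  <relative path>'."""
    problems = {}
    for line in md5sums.read_text().splitlines():
        if not line.strip():
            continue
        expected, _, rel = line.partition("  ")
        target = root / rel
        # An entry that escapes the root would make us hash an unrelated file.
        if Path(rel).is_absolute() or ".." in Path(rel).parts:
            problems[rel] = "unsafe path"
        # A symlink could resolve outside the mounted root, so do not follow it.
        elif target.is_symlink() or not target.is_file():
            problems[rel] = "missing or not a regular file"
        elif hashlib.md5(target.read_bytes()).hexdigest() != expected.lower():
            problems[rel] = "modified"
    return problems


def verify_package(root: Path, md5sums: Path, sig: Path, keyring: Path) -> dict:
    """Check the signature first; an unsigned md5sums list proves nothing."""
    if not signature_ok(md5sums, sig, keyring):
        raise ValueError(f"no valid signature for {md5sums}")
    return check_md5sums(root, md5sums)
```

An empty result from `verify_package` means every listed file matched; the keyring passed in has to come from the trusted medium, not from the system being checked.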


