Re: (inc. note from dpkg developers) Re: Bug#XXXXXX: (far too many packages) needs rebuilt for prelinking
* Adam Heath
| On Mon, 13 Jan 2003, Jack Howarth wrote:
| > Adam,
| > Jakub apparently disputes the notion that prelink is
| > ever an untrusted binary. He explicitly builds it with
| > static linking which means prelink can't modify itself.
| > He says that one just needs to do a trivial md5sum
| > check on the prelink binary before using it.
| and what if md5sum is also hacked?
Have an internal md5sum in dpkg? Which I believe you will need for
the verification anyhow. (Else, you'll trust the external md5sum and
that's something you want to avoid.)
Tollef Fog Heen ,''`.
UNIX is user friendly, it's just picky about who its friends are : :' :