Re: debsums for maintainer scripts

To: Debian Devel <debian-devel@lists.debian.org>
Cc: Andreas Barth <aba@not.so.argh.org>, Michael Ablassmeier <abi@grinser.de>, debsums@packages.debian.org
Subject: Re: debsums for maintainer scripts
From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
Date: 04 Dec 2003 02:46:16 +0100
Message-id: <[🔎] 873cc1e4nr.fsf@mrvn.homelinux.org>
In-reply-to: <[🔎] 87brqqb3oa.fsf@glaurung.green-gryphon.com>
References: <[🔎] 8765h0mzk1.fsf@mrvn.homelinux.org> <[🔎] 3FCB50A2.90907@beamnet.de> <[🔎] 20031201161124.GA21059@complete.org> <[🔎] 20031201170828.GA17611@zombie.inka.de> <[🔎] 20031201184317.GA1760@mail.schiach.de> <[🔎] 20031201185609.GA14602@cattlegrid.net> <[🔎] 20031201201152.GF17282@mails.so.argh.org> <[🔎] 20031201221236.GA23983@cattlegrid.net> <[🔎] 87brqqb3oa.fsf@glaurung.green-gryphon.com>

Manoj Srivastava <srivasta@debian.org> writes:

> On Mon, 1 Dec 2003 17:12:36 -0500, christophe barbe <christophe@cattlegrid.net> said: 
> 
> > I don't see why adding a md5dsum_are_mandatory clause to the debian
> > policy would be difficult (what would be a good reason to not add
> > md5sum to a package?).

Because without preventing tampering (even accidental) of the md5sums
file its quite useless. Making a md5sums file signature mandatory
would gain you something and takes way less space.

> 	Because it buys little security wise? Because there are
>  solutions one can put in place today that offer better coverage than
>  in package md5sums?

MfG
        Goswin

Reply to:

Follow-Ups:
- Re: debsums for maintainer scripts
  - From: Anthony DeRobertis <asd@suespammers.org>

References:
- Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: Revival of the signed debs discussion
  - From: Thomas Viehmann <tv@beamnet.de>
- Re: Revival of the signed debs discussion
  - From: John Goerzen <jgoerzen@complete.org>
- debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
  - From: Eduard Bloch <edi@gmx.de>
- Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
  - From: Michael Ablassmeier <abi@grinser.de>
- Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
  - From: christophe barbe <christophe@cattlegrid.net>
- Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
  - From: Andreas Barth <aba@not.so.argh.org>
- Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
  - From: christophe barbe <christophe@cattlegrid.net>
- Re: debsums for maintainer scripts
  - From: Manoj Srivastava <srivasta@debian.org>

Prev by Date: Re: debsums for maintainer scripts
Next by Date: Re: Revival of the signed debs discussion
Previous by thread: Re: debsums for maintainer scripts
Next by thread: Re: debsums for maintainer scripts
Index(es):
- Date
- Thread