[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debsums for maintainer scripts

On Thu, Dec 04, 2003 at 03:07:52AM +0100, Goswin von Brederlow wrote:
> Anthony DeRobertis <asd@suespammers.org> writes:
> > On Wed, 2003-12-03 at 05:23, Manoj Srivastava wrote:
> > 
> > > 	Because it buys little security wise? 
> > 
> > I can take a rescue disk, a CD with relevant packages on it, boot the
> > suspect server from the rescue disk, and quickly check md5sums. At
> > least, if all packages had md5sums I could.
> You can just as well just check all the debs. gunzip doesn't take
> longer, the slowest thing usually is the cdrom.

¿You mean from your CDs? You won't usually have up-to-date CDroms with the 
security updates (at least I don't). So, if you lack a network connection, 
you would need to download the archive, make a CD... 

I was about to say that you needed your own tools, but then I found
debsums' --deb-path option. Still, it would be best if you could download a
list of valid MD5sums from your favorite Debian mirror (an option not
currently available) instead of all the .deb and then manually extract the 
md5sums from them. That list could be provided on a per-Release basis 
together with separate lists for security updates and proposed-updates [1] 
and could be checked automatically by tools like debsums, running of a CD.



[1] Similar to our Contents-* files but providing the md5sum within it too.
Hmm... I think I'm going to submit a wishlist bug to ftp.debian.org

Attachment: signature.asc
Description: Digital signature

Reply to: