[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debsums for maintainer scripts

Anthony DeRobertis <asd@suespammers.org> writes:

> On Dec 3, 2003, at 21:07, Goswin von Brederlow wrote:
> >
> > You can just as well just check all the debs. gunzip doesn't take
> > longer, the slowest thing usually is the cdrom.
> True, so I should probably just put the md5sums files on my CD, and
> check those. That'd be far faster.
> I could even put the md5sums on a floppy, they're small. Or md5sums
> for all packages, even.
> Actually, I think the biggest benefit of md5sums is that while
> attackers certainly could modify them, often they don't. While passing
> debsums certainly can't prove the integrity of a system, debsums
> failing can certainly prove the lack of integrity.

And the next rootkit will change md5sums files too...

> And they do help when you suspect hardware troubles, too.

Having md5sums signatures instead of files _inside_ the deb doesn't
prevent that.


Reply to: