On Thu, 2003-12-04 at 19:06, Goswin von Brederlow wrote: > > Actually, I think the biggest benefit of md5sums is that while > > attackers certainly could modify them, often they don't. While passing > > debsums certainly can't prove the integrity of a system, debsums > > failing can certainly prove the lack of integrity. > > And the next rootkit will change md5sums files too... rpm has had md5sums for a good, long time. Yet, when someone asks me 'why did my box break', its amazing how many times asking rpm to verify the md5sums finds ps, ls, etc. modified. Most attackers I've had to clean up after don't have a CLUE as to what they're doing. I find it difficult to believe that will change. > > > And they do help when you suspect hardware troubles, too. > > Having md5sums signatures instead of files _inside_ the deb doesn't > prevent that. If I have md5sums of each file, I know which files are damaged. That's quite different than knowing "something in xserver-xfree86 changed."
Description: This is a digitally signed message part