
Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)



Chad Walstrom <chewie@wookimus.net> writes:

> On Tue, Dec 02, 2003 at 02:01:23PM +0100, Bernhard R. Link wrote:
> > > A true IDS is needed, such as aide, tripwire, or cfengine to detect
> > > post-installation intrusion.  Tie in aide or tripwire database
> > > checks/updates with the apt.conf "PostInst" option in addition to a
> > > daily cronjob to ensure the database is updated in a timely manner.
> > 
> > I think this is even more stupid than using *.md5sums. When they are
> > daily generated, you have no chance at all to be sure they are not
> > modified.
> 
> I'm not following your logic, if that's what you call it.  You're saying
> that checking the current filesystem on a daily basis is NOT a good way
> to verify filesystem integrity?
> 
> Update your system when you introduce a known change (a must).  Check it
> daily (a must).  What is incorrect about this policy?

I think he misunderstood you. He thought you would update the md5sums
daily via cron instead of checking them daily.

Regards,
        Goswin


