On Thu, Dec 04, 2003 at 03:07:52AM +0100, Goswin von Brederlow wrote: > Anthony DeRobertis <asd@suespammers.org> writes: > > > On Wed, 2003-12-03 at 05:23, Manoj Srivastava wrote: > > > > > Because it buys little security wise? > > > > I can take a rescue disk, a CD with relevant packages on it, boot the > > suspect server from the rescue disk, and quickly check md5sums. At > > least, if all packages had md5sums I could. > > You can just as well just check all the debs. gunzip doesn't take > longer, the slowest thing usually is the cdrom. ¿You mean from your CDs? You won't usually have up-to-date CDroms with the security updates (at least I don't). So, if you lack a network connection, you would need to download the archive, make a CD... I was about to say that you needed your own tools, but then I found debsums' --deb-path option. Still, it would be best if you could download a list of valid MD5sums from your favorite Debian mirror (an option not currently available) instead of all the .deb and then manually extract the md5sums from them. That list could be provided on a per-Release basis together with separate lists for security updates and proposed-updates [1] and could be checked automatically by tools like debsums, running of a CD. Regards Javi [1] Similar to our Contents-* files but providing the md5sum within it too. Hmm... I think I'm going to submit a wishlist bug to ftp.debian.org
Attachment:
signature.asc
Description: Digital signature