Re: debsums for maintainer scripts

To: Anthony DeRobertis <asd@suespammers.org>
Cc: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>, Debian Devel <debian-devel@lists.debian.org>
Subject: Re: debsums for maintainer scripts
From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
Date: 05 Dec 2003 01:06:28 +0100
Message-id: <[🔎] 87k75ccem3.fsf@mrvn.homelinux.org>
In-reply-to: <[🔎] D846D151-267D-11D8-BBF9-00039317863E@suespammers.org>
References: <[🔎] 8765h0mzk1.fsf@mrvn.homelinux.org> <[🔎] 3FCB50A2.90907@beamnet.de> <[🔎] 20031201161124.GA21059@complete.org> <[🔎] 20031201170828.GA17611@zombie.inka.de> <[🔎] 20031201184317.GA1760@mail.schiach.de> <[🔎] 20031201185609.GA14602@cattlegrid.net> <[🔎] 20031201201152.GF17282@mails.so.argh.org> <[🔎] 20031201221236.GA23983@cattlegrid.net> <[🔎] 87brqqb3oa.fsf@glaurung.green-gryphon.com> <[🔎] 1070491251.18244.136.camel@bohr.local> <[🔎] 87ptf5cp3b.fsf@mrvn.homelinux.org> <[🔎] D846D151-267D-11D8-BBF9-00039317863E@suespammers.org>

Anthony DeRobertis <asd@suespammers.org> writes:

> On Dec 3, 2003, at 21:07, Goswin von Brederlow wrote:
> >
> > You can just as well just check all the debs. gunzip doesn't take
> > longer, the slowest thing usually is the cdrom.
> 
> True, so I should probably just put the md5sums files on my CD, and
> check those. That'd be far faster.
> 
> 
> I could even put the md5sums on a floppy, they're small. Or md5sums
> for all packages, even.
> 
> 
> Actually, I think the biggest benefit of md5sums is that while
> attackers certainly could modify them, often they don't. While passing
> debsums certainly can't prove the integrity of a system, debsums
> failing can certainly prove the lack of integrity.

And the next rootkit will change md5sums files too...

> And they do help when you suspect hardware troubles, too.

Having md5sums signatures instead of files _inside_ the deb doesn't
prevent that.

MfG
        Goswin

Reply to:

Follow-Ups:
- Re: debsums for maintainer scripts
  - From: Anthony DeRobertis <asd@suespammers.org>

References:
- Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: Revival of the signed debs discussion
  - From: Thomas Viehmann <tv@beamnet.de>
- Re: Revival of the signed debs discussion
  - From: John Goerzen <jgoerzen@complete.org>
- debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
  - From: Eduard Bloch <edi@gmx.de>
- Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
  - From: Michael Ablassmeier <abi@grinser.de>
- Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
  - From: christophe barbe <christophe@cattlegrid.net>
- Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
  - From: Andreas Barth <aba@not.so.argh.org>
- Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
  - From: christophe barbe <christophe@cattlegrid.net>
- Re: debsums for maintainer scripts
  - From: Manoj Srivastava <srivasta@debian.org>
- Re: debsums for maintainer scripts
  - From: Anthony DeRobertis <asd@suespammers.org>
- Re: debsums for maintainer scripts
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: debsums for maintainer scripts
  - From: Anthony DeRobertis <asd@suespammers.org>

Prev by Date: Re: Building a distribution from source?
Next by Date: Re: debsums for maintainer scripts
Previous by thread: Re: debsums for maintainer scripts
Next by thread: Re: debsums for maintainer scripts
Index(es):
- Date
- Thread