Re: debsums for maintainer scripts
Anthony DeRobertis <asd@suespammers.org> writes:
> On Dec 3, 2003, at 21:07, Goswin von Brederlow wrote:
> >
> > You can just as well just check all the debs. gunzip doesn't take
> > longer, the slowest thing usually is the cdrom.
>
> True, so I should probably just put the md5sums files on my CD, and
> check those. That'd be far faster.
>
>
> I could even put the md5sums on a floppy, they're small. Or md5sums
> for all packages, even.
>
>
> Actually, I think the biggest benefit of md5sums is that while
> attackers certainly could modify them, often they don't. While passing
> debsums certainly can't prove the integrity of a system, debsums
> failing can certainly prove the lack of integrity.

And the next rootkit will change md5sums files too...

> And they do help when you suspect hardware troubles, too.

Having md5sums signatures instead of files _inside_ the deb doesn't
prevent that.

Regards,
Goswin
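
Added example, not part of the original thread: a Python sketch of the check discussed above, comparing installed files and the on-disk md5sums list against a copy kept on read-only media. The function names, the `pkg.md5sums` file name and the sample tree are assumptions constructed for illustration; the line format is dpkg's `<md5>  <path relative to />`.

```python
import hashlib
import tempfile
from pathlib import Path

def md5_of(path):
    """MD5 of a file (the digest dpkg md5sums lists use)."""
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def parse_md5sums(text):
    """Parse '<md5hex>  <path relative to />' lines into {path: md5}."""
    entries = {}
    for line in text.splitlines():
        if line.strip():
            digest, path = line.split(None, 1)
            entries[path.strip().lstrip("/")] = digest.lower()
    return entries

def check_package(trusted_file, local_file, root="/"):
    """Check installed files and the on-disk list against a trusted offline list."""
    trusted = parse_md5sums(Path(trusted_file).read_text())
    local = parse_md5sums(Path(local_file).read_text())
    report = {"list_differs": [], "modified": [], "missing": []}
    # 1. Entries where the on-disk list no longer agrees with the offline copy.
    for path in sorted(set(trusted) | set(local)):
        if trusted.get(path) != local.get(path):
            report["list_differs"].append(path)
    # 2. Installed files that no longer hash to the offline value.
    for path, digest in sorted(trusted.items()):
        target = Path(root) / path
        if not target.is_file():
            report["missing"].append(path)
        elif md5_of(target) != digest:
            report["modified"].append(path)
    return report

def demo():
    """Constructed sample: file and on-disk list both changed after install."""
    with tempfile.TemporaryDirectory() as tmp:
        root, media = Path(tmp, "root"), Path(tmp)
        (root / "usr/bin").mkdir(parents=True)
        tool = root / "usr/bin/tool"
        tool.write_bytes(b"original\n")
        (media / "pkg.md5sums").write_text(f"{md5_of(tool)}  usr/bin/tool\n")
        tool.write_bytes(b"changed\n")  # later modification
        local = root / "pkg.md5sums"
        local.write_text(f"{md5_of(tool)}  usr/bin/tool\n")  # list updated to match
        return check_package(media / "pkg.md5sums", local, root)

if __name__ == "__main__":
    print(demo())
```

Checked only against the on-disk list, the sample tree would pass; the copy kept on read-only media is what exposes the change.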