Re: debsums for maintainer scripts

To: debian-devel@lists.debian.org
Subject: Re: debsums for maintainer scripts
From: Manoj Srivastava <srivasta@debian.org>
Date: Sat, 06 Dec 2003 01:27:29 -0600
Message-id: <[🔎] 87llpq5rtq.fsf@glaurung.green-gryphon.com>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 3FCF6280.9090805@beamnet.de> (Thomas Viehmann's message of "Thu, 04 Dec 2003 17:36:16 +0100")
References: <[🔎] 8765h0mzk1.fsf@mrvn.homelinux.org> <[🔎] 3FCB50A2.90907@beamnet.de> <[🔎] 20031201161124.GA21059@complete.org> <[🔎] 20031201170828.GA17611@zombie.inka.de> <[🔎] 20031201184317.GA1760@mail.schiach.de> <[🔎] 20031201185609.GA14602@cattlegrid.net> <[🔎] 20031201194918.GA749@khazad-dum.debian.net> <[🔎] 3FCBA96E.60300@beamnet.de> <[🔎] 20031201212244.GA11014@khazad-dum.debian.net> <[🔎] 87fzg2b3r1.fsf@glaurung.green-gryphon.com> <[🔎] 3FCF6280.9090805@beamnet.de>

On Thu, 04 Dec 2003 17:36:16 +0100, Thomas Viehmann <tv@beamnet.de> said: 

> Manoj Srivastava wrote:
>> Before we make such a push, we should at least ensure that it is
>> something we really want to do. I think locally generated checksums
>> are a better solution.
> To me, the main use of md5sums seems to be verifying nothing bad (as
> in accident, not malicious manipulation) happened to the extracted
> files.  md5sums included in the packages do that even earlier than
> those generated.

	Earlier than what?  You already can check the integrity of the
 .deb you are installing; don't install corrupted .debs. Now
 admittedly there is a window where files can be corrupted between
 unpacking and creating the checksums, in which case just run the ar
 .. tar -d incantation posted earlier to check the on disk file
 _after_ generating the checksum to make sure that that little window
 is also closed.

	manoj
-- 
"All my life I wanted to be someone; I guess I should have been more
specific." Jane Wagner
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to:

References:
- Revival of the signed debs discussion
  - From: Goswin von Brederlow <brederlo@informatik.uni-tuebingen.de>
- Re: Revival of the signed debs discussion
  - From: Thomas Viehmann <tv@beamnet.de>
- Re: Revival of the signed debs discussion
  - From: John Goerzen <jgoerzen@complete.org>
- debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
  - From: Eduard Bloch <edi@gmx.de>
- Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
  - From: Michael Ablassmeier <abi@grinser.de>
- Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
  - From: christophe barbe <christophe@cattlegrid.net>
- Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: debsums for maintainer scripts
  - From: Thomas Viehmann <tv@beamnet.de>
- Re: debsums for maintainer scripts
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: debsums for maintainer scripts
  - From: Manoj Srivastava <srivasta@debian.org>
- Re: debsums for maintainer scripts
  - From: Thomas Viehmann <tv@beamnet.de>

Prev by Date: Re: Building a distribution from source?
Next by Date: Re: debsums for maintainer scripts
Previous by thread: Re: debsums for maintainer scripts
Next by thread: Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
Index(es):
- Date
- Thread