Re: debsums for maintainer scripts (was: Re: Revival of the signed debs discussion)
On Mon, 1 Dec 2003 Chad Walstrom wrote:
> md5sums and signatures are most useful in the context of installation.
> Post-installation, you cannot be guaranteed that an intrusion rootkit
> doesn't compromise the md5sum files themselves.
Sure. The MD5 sums have uses beyond install-time integrity checking,
though. I use debsums to help me decide what I need to back up - if a
file's shipped with a package and hasn't been modified, I don't back up
the file, because I already back up the fact that that package was
installed. This lets me get my whole system onto an uncompressed EXT2 FS
on DVD-RAM while still backing up the scripts, etc. that I customized.
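
The backup selection described in the reply above, as an added example that is not part of the original message and is not debsums itself: a file is kept for backup only if it is modified or not shipped by any package. It assumes dpkg-style `<package>.md5sums` lists (stored under /var/lib/dpkg/info on a Debian system); the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def load_shipped(info_dir):
    """Map relative path -> MD5 from every <package>.md5sums file."""
    shipped = {}
    for sums in Path(info_dir).glob("*.md5sums"):
        for line in sums.read_text().splitlines():
            # Line format: "<md5>  <path without leading slash>"
            digest, _, rel = line.partition("  ")
            if rel:
                shipped[rel] = digest
    return shipped

def files_to_back_up(root, info_dir):
    """Regular files under root that are not unmodified package files."""
    shipped = load_shipped(info_dir)
    keep = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # this sketch only considers regular files
            rel = os.path.relpath(full, root)
            if shipped.get(rel) != md5_of(full):
                keep.append(rel)  # modified, or not shipped by any package
    return sorted(keep)

def demo():
    """Constructed tree: one pristine file, one edited, one local-only."""
    with tempfile.TemporaryDirectory() as tmp:
        root, info = Path(tmp, "root"), Path(tmp, "info")
        files = {"usr/bin/tool": b"pristine\n", "etc/tool.conf": b"edited\n",
                 "home/notes.txt": b"local\n"}
        for rel, data in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        info.mkdir()
        good = hashlib.md5(b"pristine\n").hexdigest()
        orig = hashlib.md5(b"original\n").hexdigest()
        (info / "tool.md5sums").write_text(
            f"{good}  usr/bin/tool\n{orig}  etc/tool.conf\n")
        return files_to_back_up(root, info)
```

Because the comparison trusts the on-disk `.md5sums` lists, it answers "what differs from what the package shipped" for backup purposes, which is the use the reply describes, and not the post-intrusion integrity question raised in the quoted text.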