On Fri, Aug 17, 2007 at 04:47:38PM -0700, Russ Allbery wrote:
> Peter Samuelson <peter@p12n.org> writes:
>
> > I'd opt for dpkg generating the checksums upon _extracting_ the .deb
> > file. We already claim that the md5sums file isn't supposed to be any
> > kind of security thing. Why bother to ship it? It is redundant
> > information which can easily be regenerated on the user's system.
>
> While it's not the be-all and end-all of security, other OS vendors (Sun
> in particular) have found it useful to make available a central database
> of MD5 checksums of known-good versions of various binaries. This has
> proven invaluable in not a few breakins and compromises when doing
> forensics. Since we have such a database essentially for free now in the
> form of the md5sums control files, I'd rather not take an approach that
> gets rid of it, even if it isn't a horribly effective security measure.

Actually, we should have this information as part of the information for a
Release (as asked for in #268658), alongside the Contents and Packages files.
Local md5sums can be useful to detect hardware breakage but not so much for
forensic analysis (unless taken from an external trusted source, not the
system which was compromised).

BTW, NIST provides very handy information called the National Software
Reference Library (NSRL, http://www.nsrl.nist.gov/), which also comes in very
handy for either forensic analysis or setting up a baseline of known files
(when using an integrity checking tool such as tripwire or samhain) for a
large number of servers. If we provided such information they could possibly
easily include it there too, which would be an improvement, since they
currently only carry information on ancient versions of Linux distributions
(and Debian is not one of them).

Regards

Javier
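The difference between a locally regenerated checksum list and one kept on an external trusted source, as an added example that is not part of the original message or of dpkg. It assumes the md5sums control-file layout (`<md5>  <path relative to root>`); the helper names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

def parse_md5sums(text):
    """Parse md5sums control-file lines: '<md5 hex>  <path relative to root>'."""
    baseline = {}
    for line in text.splitlines():
        if line.strip():
            digest, path = line.split(None, 1)  # paths may contain spaces
            if len(digest) != 32:
                raise ValueError("not an MD5 digest: %r" % digest)
            baseline[path] = digest.lower()
    return baseline

def md5_of(path):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root, paths):
    """Render the current digests of paths in md5sums format."""
    return "".join("%s  %s\n" % (md5_of(os.path.join(root, p)), p) for p in paths)

def audit(root, baseline):
    """Return {path: 'missing' | 'modified'} for files that disagree with baseline."""
    report = {}
    for rel, expected in sorted(baseline.items()):
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            report[rel] = "missing"
        elif md5_of(full) != expected:
            report[rel] = "modified"
    return report

def demo():
    """Constructed sample tree; file names and contents are made up."""
    files = {"usr/bin/ls": b"ls 1.0", "usr/bin/ps": b"ps 1.0"}
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/bin"))
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        trusted = snapshot(root, files)          # stored off-host while known good
        with open(os.path.join(root, "usr/bin/ps"), "wb") as f:
            f.write(b"ps replaced")              # change made after the baseline
        os.remove(os.path.join(root, "usr/bin/ls"))
        local = snapshot(root, ["usr/bin/ps"])   # list regenerated on the changed host
        return audit(root, parse_md5sums(trusted)), audit(root, parse_md5sums(local))
```

`demo()` returns two reports: the audit against the off-host baseline flags both files, while the audit against the list regenerated on the changed host reports nothing.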