Re: md5sums files


On Wed, Mar 03, 2010 at 02:25:44PM -0500, Joey Hess wrote:
> Osamu Aoki wrote:
> > True but debsums can address these issues by system administrator
> > touch-ups as documented in manpage using:
> > 
> >  * /etc/apt/apt.conf.d/90debsums (debsums >= 2.0.7)
> >  * debsums_init(8)               (debsums >= 2.0.34 @ 2007)
> It's not uncommon to be given an existing system and want to verify
> that no files were modified by its creator, and the current lack of
> md5sums files for a few packages prevents using debsums to do that.

Wait a moment...  I do not think those few packages prevent using
debsums to do that.  By using debsums_init, you can first download (but
not install) packages and create md5sums files for those few packages
that prevent the use of debsums.

At least by using debsums_init, you have an easier time doing what you
were thinking of doing.  (That is why I wrote it.  It is an ultra-short,
simple shell script.)

> (The most common case is probably buying a Debian VM from a hosting
> company.)

(If someone changes the installed values of md5sums, debsums is helpless,
as we all agree.)
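
The idea discussed in this message, checking installed files against checksums taken from a freshly downloaded package instead of from md5sums files already on the system, as an added Python example (it is not part of the thread and is not the debsums_init script). All function names and the `sample_deb` input are constructed for illustration, and only gz/bz2/xz-compressed `data.tar` members are handled.

```python
import hashlib, io, os, tarfile

def ar_members(blob):  # a .deb is an ar archive; yields (name, data) per member
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):  # 60-byte header: name at 0..16, size at 48..58
        name = blob[pos:pos + 16].decode().strip().rstrip("/")
        size = int(blob[pos + 48:pos + 58].decode())
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + size % 2  # members are 2-byte aligned

def pristine_md5sums(deb):
    """Map path -> md5 for regular files in data.tar.* (gz/bz2/xz, not zst)."""
    for name, data in ar_members(deb):
        if name.startswith("data.tar"):
            with tarfile.open(fileobj=io.BytesIO(data)) as tar:
                return {m.name[2:] if m.name.startswith("./") else m.name:
                        hashlib.md5(tar.extractfile(m).read()).hexdigest()
                        for m in tar if m.isfile()}
    raise ValueError("no data.tar member found")

def verify(sums, root):
    """Return {path: 'missing' | 'modified'} for files under root that differ."""
    bad = {}
    for rel, want in sums.items():
        try:
            with open(os.path.join(root, rel), "rb") as f:
                if hashlib.md5(f.read()).hexdigest() != want:
                    bad[rel] = "modified"
        except OSError:
            bad[rel] = "missing"
    return bad

def sample_deb(files):
    """Constructed input: a minimal .deb-shaped ar archive (no control.tar)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, body in files.items():
            info = tarfile.TarInfo("./" + path)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    out = b"!<arch>\n"
    for name, data in (("debian-binary", b"2.0\n"), ("data.tar.gz", buf.getvalue())):
        hdr = "%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name, 0, 0, 0, "100644", len(data))
        out += hdr.encode() + data + b"\n" * (len(data) % 2)
    return out

if __name__ == "__main__":  # constructed demo: a root where nothing is installed
    print(verify(pristine_md5sums(sample_deb({"etc/tool.conf": b"safe=1\n"})), "/nonexistent"))
```

On a real system the package bytes would be read from a file fetched with `apt-get download`, and `root` would be the filesystem under inspection.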


