Re: Bug#540215: Introduce dh_checksums
On Mon, Mar 08, 2010 at 10:49:54PM -0500, Joey Hess wrote:
> Russ Allbery wrote:
> > It's also always worth bearing in mind that while a really good attacker
> > can do all sorts of complex things that make them very hard to find, most
> > attackers are stupid and straightforward.
> It's stupid and straightforward to install /usr/local/bin/ls. debsums
> will not detect it.
And it's as straightforward to find files which don't belong to any
package and have some other means in place to check locally generated
If I understand you correctly, you argue that one would need some IDS
anyway to cover all files, and that could then be used also to verify
package files. Therefore making file signatures in packages
superfluous. I think I could agree with that. On the other hand, I
tend to keep /usr/local clean and create packages for for home-grown
software. If you do this consistently, you'd get a system where you
could verify all files without additional software (modulo the script
that checks for surplus files).
More important would be package signatures, anyway, because
currently there is no way to verify a package. I work with
testing/unstable a lot and often I have deb files lying around are
not in any Release, so there is no way of verifying them.