[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#540215: Introduce dh_checksums

Harald Braumann wrote:
> On Mon, Mar 08, 2010 at 10:49:54PM -0500, Joey Hess wrote:
> > It's stupid and straightforward to install /usr/local/bin/ls. debsums
> > will not detect it.
> And it's as straightforward to find files which don't belong to any
> package and have some other means in place to check locally generated
> files.

I don't want to get dragged into continuing to provide counterexamples,
but it's also fairly easy to modify a file in /etc to provide a
backdoor, such that neither debsums nor cruft will notice it.

see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to: