[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apt-diff: a tool to diff filesystem content against APT

On Fri, Dec 10, 2010 at 10:30:02PM -0600, Peter Samuelson wrote:
> [Osamu Aoki]
> > As I read manpage of dh_md5sums, it states:
> >        -x, --include-conffiles
> >            Include conffiles in the md5sums list. Note that this
> > information is redundant since it is included elsewhere in debian
> > packages.
> "Note that this information is redundant" - that's rich.  As though
> the entire md5sums file weren't redundant.  (I.e., could easily be
> generated at unpack time.)  People seem to hold on to their reasons
> why it's important to have these integrity checks in the .deb itself,
> not just on the installed system, but ... yeah.  Shipping md5sums of
> conffiles is only a little bit more redundant than shipping md5sums
> of the rest of the files.

IIRC, the reason md5sums of conffiles are shipped is to determine
whether they have been changed by the administrator so that dpkg knows
whether to automatically replace them with newer versions or not.  As
for integrity checks, which serve a different purpose, MD5 is completely
inadequate for this, since it is possible to generate arbitrary
collisions for it.  For integrity purposes, SHA512 would be a better
choice, or maybe SHA256 for 32-bit systems[0].

[0] On 64-bit systems, SHA512 is actually faster than SHA256.  SHA384
and SHA224 are not good choices because they are computationally
equivalent to SHA512 and SHA256 but have less security.

brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature

Reply to: