[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian should move away from MD5 (and at best also from SHA1) (in secure APT and friends)

On Sun, 2012-10-14 at 17:25 +0600, Andrey Rahmatullin wrote:
> """
> debsums is intended primarily as a way of determining what installed files
> have been locally modified by the administrator or damaged by media errors
> and is of limited use as a security tool.
> If you are looking for an integrity checker that can run from safe media,
> do integrity checks on checksum databases and can be easily configured to
> run periodically to warn the admin of changes see other tools such as:
> aide, integrit, samhain, or tripwire.
> """

I never claimed (and already explicitly said that before) that it was
intended to be used for that,... or that I would do or recommend so...
just that people might and that it already happens more or less
(rkhunter has a mode of doing so, IIRC).


Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply to: