Is there a way to make DPKG observe what is in the system, comparing with careful SHA1/MD5/etc., and then announce that it must be installed already, and put it into the dpkg system? If not, that can be put on to the todo list. RedHat's RPM, by the way, does have a way to do this: you download packages, run rpm --initdb, then do rpm -Vp *.rpm, then whatever seems to be installed you do rpm --justdb -Up *.rpm. -V stands for Verify, -p stands for uninstalled package, --justdb stands for updating just the database, not the installed files (there is also an rpm --initdb just to start things out), -U upgrade. This checks files against PGP (actually, GnuPG now) signatures, md5 sums, file modification times, and a list of other things like file size, file type, mode (permissions), owner, group. Discrepancies are displayed. Improving upon RPM, you could also check SHA1 and the other one that OpenBSD does (I forget which one it is).
Description: PGP signature