
Bug#155676: patch] dynamic sha1sums generation



[ No need to CC me, despite what the BTS does to Reply-To ]

On Wed, 2002-08-07 at 02:42, Anthony Towns wrote:

> AIUI, that's usually avoided by listing the file size as well as the
> md5sum. At the very least listing the expected file size gives you a
> very easy check for a lot of accidental corruption.

True.  And actually any weaknesses in MD5 are rather irrelevant for this
particular case, because a hostile attacker will be able to simply
replace any of the checksum files they want.  But I think it's a good
idea to push SHA1 in general, so I used it.  It would however be pretty
trivial to modify the patch to use MD5, and to include the file size.

> Wouldn't it be more sensible to put it in
> 
> 	/var/lib/dpkg/checksums/foo.sha1

Yes it would.  Thanks.  I just did that in my local version; I'll send
in a new patch after any other changes the dpkg maintainers require are
made.
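The two points made in this message, as an added example that is not part of the original message or of the dpkg patch: a recorded file size gives a cheap first check for accidental corruption, and a locally stored checksum file gives no protection against someone who can rewrite it. The manifest line format (`<sha1>  <size>  <path>`), the function names and the sample files are assumptions constructed for the illustration.

```python
import hashlib
import os
import tempfile

def manifest_line(path):
    """Build one constructed manifest entry: '<sha1>  <size>  <path>'."""
    with open(path, "rb") as f:
        data = f.read()
    return f"{hashlib.sha1(data).hexdigest()}  {len(data)}  {path}"

def verify(manifest):
    """Return {path: status}. Size is compared first: a stat() call is far
    cheaper than hashing and catches truncation immediately."""
    results = {}
    for line in manifest.splitlines():
        digest, size, path = line.split(None, 2)
        if not os.path.exists(path):
            results[path] = "missing"
        elif os.path.getsize(path) != int(size):
            results[path] = "size mismatch"
        else:
            h = hashlib.sha1()
            with open(path, "rb") as f:
                for chunk in iter(lambda: f.read(65536), b""):
                    h.update(chunk)
            results[path] = "ok" if h.hexdigest() == digest else "checksum mismatch"
    return results

def demo():
    """Constructed scenario: truncation, a same-size byte flip, and a
    replacement where the manifest entry is regenerated as well."""
    with tempfile.TemporaryDirectory() as d:
        a, b, c = (os.path.join(d, n) for n in ("a.bin", "b.bin", "c.bin"))
        for p in (a, b, c):
            with open(p, "wb") as f:
                f.write(b"constructed sample payload\n" * 4)
        lines = [manifest_line(p) for p in (a, b, c)]
        with open(a, "r+b") as f:   # accidental truncation
            f.truncate(10)
        with open(b, "r+b") as f:   # corruption that keeps the size
            f.write(b"X")
        with open(c, "wb") as f:    # file replaced ...
            f.write(b"replaced content\n")
        lines[2] = manifest_line(c)  # ... and its manifest entry rewritten
        status = verify("\n".join(lines))
        return {os.path.basename(p): s for p, s in status.items()}

if __name__ == "__main__":
    print(demo())
```

The third file verifies as "ok" even though its content changed, because the manifest it is checked against was changed with it; detecting that requires a reference the local attacker cannot write, such as a signed or remotely held copy.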



