Bug#155676: patch] dynamic sha1sums generation
On Wed, Aug 07, 2002 at 01:56:36PM -0400, Colin Walters wrote:
> On Wed, 2002-08-07 at 02:42, Anthony Towns wrote:
> True. And actually any weaknesses in MD5 are rather irrelevant for this
> particular case, because a hostile attacker will be able to simply
> replace any of the checksum files they want.
Well, unless you backup /var/lib/dpkg/checksums/ to WORM media, like
a CD ROM or paper.
I had the coolest little "hack" that'd let you verify large numbers
of md5sums by hand from paper once... (think binary-trees, and md5sums
But the key part of this is to have dpkg generate the md5sums at install
time. I suppose it'd actually be handy if you could generate the md5sums
just from the .deb without having to unpack it, too.
Anthony Towns <email@example.com> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
``If you don't do it now, you'll be one year older when you do.''