Re: are md5sums mandatory for all packages?



Indeed, I've waited for this feature simply *because* it gives me a
comfortable feeling if the md5sums still check after
    1) a hardware flake-out [computer at a residential site with poor
       environment control, cheap IDE disks -- you know, what most
       developers have, as well as many users] that *seems* to have
       recovered cleanly.
    2) running a buggy build of e2fs*.  [Note that the bugs we've had
       trouble with were all build/package bugs, not original code,
       i.e. missing declarations here and there...  but we've *had* them.]

I *am* a security expert -- which just means that I *know* that unless
I (at a minimum) sign the md5sums with an uncompromisable tool (like
tripwire, more hassle than most sites will actually use) then they'll
be useless from a security perspective.  *That's not what I want them
for*.  Security is meaningless without integrity; this is a
reasonable, cheap way to raise the *observable* integrity level of a
Debian system.  And "pre-signing" the packages saves half the effort
for *every* user (in case you were considering the option of having
the end user md5sum things as they got installed).

Perhaps it would help if the documentation made clear that these were
not security checks, but integrity checks.  Nonetheless, it would be a
nice thing to have...
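The distinction the post draws, as an added example that is not part of the original message: a checker for the Debian `.md5sums` manifest format catches a flipped byte from a bad disk or a bad build, but a manifest stored next to the files it describes can be rewritten along with them, so only a seal kept off the host (here an HMAC with a constructed key, standing in for a signature) turns the check into a security control. The installed tree, file contents and key are all constructed for the demo.

```python
# Added example, not from the original post: verify a Debian-style .md5sums
# manifest ("<32 hex>  <relative path>" per line) against installed contents
# and show why an unsigned manifest is an integrity, not a security, check.
import hashlib
import hmac

def parse_md5sums(text):
    """Map each relative path to its expected hex MD5 digest."""
    entries = {}
    for line in text.splitlines():
        if line.strip():
            digest, path = line.split("  ", 1)
            if len(digest) != 32 or set(digest) - set("0123456789abcdef"):
                raise ValueError(f"bad md5sums line: {line!r}")
            entries[path] = digest
    return entries

def verify_md5sums(text, tree):
    """Return {path: 'ok' | 'mismatch' | 'missing'} for every manifest entry."""
    results = {}
    for path, expected in parse_md5sums(text).items():
        if path not in tree:
            results[path] = "missing"
            continue
        actual = hashlib.md5(tree[path]).hexdigest()
        results[path] = "ok" if hmac.compare_digest(actual, expected) else "mismatch"
    return results

def manifest_seal(text, key):
    """HMAC over the whole manifest: a stand-in for signing it with a key kept
    off the host, the step the post says is needed for a security guarantee."""
    return hmac.new(key, text.encode(), hashlib.sha256).hexdigest()

def demo():
    """Constructed scenario (tree is a path -> bytes dict): a bit flip, then a rewritten manifest."""
    good, bad = b"binary contents", b"binary cOntents"
    tree = {"usr/bin/tool": good, "etc/tool.conf": b"setting=1\n"}
    manifest = "".join(f"{hashlib.md5(d).hexdigest()}  {p}\n" for p, d in tree.items())
    key = b"constructed-key-kept-off-host"
    seal = manifest_seal(manifest, key)
    clean = verify_md5sums(manifest, tree)         # both 'ok'
    tree["usr/bin/tool"] = bad                      # a disk flake flips one byte
    corrupted = verify_md5sums(manifest, tree)     # usr/bin/tool -> 'mismatch'
    # If the manifest on the same disk is rewritten to match the altered file,
    # the local check passes again; only the seal kept elsewhere disagrees.
    forged = manifest.replace(hashlib.md5(good).hexdigest(), hashlib.md5(bad).hexdigest())
    forged_local = verify_md5sums(forged, tree)    # both 'ok' again
    seal_holds = hmac.compare_digest(manifest_seal(forged, key), seal)
    return clean, corrupted, forged_local, seal_holds   # seal_holds is False
```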