Re: md5sums

To: Christoph Lameter <christoph@lameter.com>
Cc: Manoj Srivastava <srivasta@wgolden-gryphon.com>, debian-policy@lists.debian.org
Subject: Re: md5sums
From: Jason Gunthorpe <jgg@ualberta.ca>
Date: Tue, 1 Dec 1998 19:11:56 -0700 (MST)
Message-id: <[🔎] Pine.LNX.3.96.981201191028.27183D-100000@wakko>
In-reply-to: <[🔎] Pine.LNX.4.03.9812011723510.21329-100000@lameter.com>

On Tue, 1 Dec 1998, Christoph Lameter wrote:

> debsums is used for md5sums generated *before* generating the .deb. They
> will detect any tampering attempts or any other accidents in the whole
> packaging in and out process. Its an attempt to guarantee that the files
> are the way they were on the *maintainers* system.
> 
> tripwire adds md6sums *after* installing a .deb and a virus infected
> system could already have modified files.

Including the md5sum files :> It is no safer to generate and include the
hashes then it is to have the hashes generated on the fly. Both are
equally susceptible to all sorts of attacks

Jason

Reply to:

References:
- Re: md5sums
  - From: Christoph Lameter <christoph@lameter.com>

Prev by Date: Re: md5sums
Next by Date: Re: md5sums
Previous by thread: Re: md5sums
Next by thread: Re: md5sums
Index(es):
- Date
- Thread