
Re: md5sums



Charles Briscoe-Smith <cpbs@debian.org> writes:

> srivasta@datasync.com (Manoj Srivastava) wrote:
> > Charles> to check whether you have mistakenly edited an installed script which
> > Charles> wasn't a conffile,
> >
> >	Ok. But this is not an operation that everyone wants (I
> > personally have never needed to do that -- and I can, since I have a
> > local mirror, and I can use dpkg --unpack in /tmp and compare
> > files). Given that there are old, slow, and low disk space machines
> > out there, one should not push all this to every machine out there. 
> 
> First, I -did- suggest that it should be optional.
> 
> Second, I've never "needed" to do this either, but if the option was
> there, I'd probably use it to verify my system against accidental breakage
> every so often.

This is an operation I'd very much like to be able to perform.

I share sysadmin on the machines here with people who are not totally
indoctrinated in "the Debian way".  If something breaks, they're going
to fix it however they can; this could include modifying scripts
(conffiles or not), overwriting binaries in /usr/bin with
freshly-compiled ones (which are not in Debian packages), etc.  In
fact, I don't think this is really unreasonable; when something
breaks, you don't have time to fight with the packaging system to
figure out the "right" way to fix it.

I try to keep track of this sort of thing, so that these fixes don't
get wiped out on upgrades; but I'm never sure if I wrote down even all
the stuff I did myself, let alone changes made by other people.  This
makes upgrades a slightly nerve-wracking procedure.  If there were
something I could run to see what files from Debian packages no longer
match the distributed versions, I would definitely use it on a regular
basis.

dpkg --unpack and compare doesn't come anywhere close, unless it's
highly automated.  Even if it is, it still does several times as much
disk access as the md5sums approach.  I really want md5sums files and
something which will run over the system comparing the md5sums file
against what's actually there.

Note that I have not mentioned malicious crackers--I realize that this
provides no protection against minimally knowledgeable crackers.  I
also have expressed no opinion as to whether the md5sums files should
be in the .deb or generated by dpkg; I really don't care.

Carl Witty
cwitty@newtonlabs.com
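
Added example, not part of the original message and not dpkg's own code: a minimal sketch of the kind of checker asked for above, which reads an md5sums list and reports files that no longer match or are missing. It assumes md5sum-style lines (`<hash>  <path>`) with paths relative to a root directory; the function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile


def parse_md5sums(text):
    """Yield (digest, path) from "<hash>  <path>" or "<hash> *<path>" lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, _, path = line.partition(" ")
        path = path[1:] if path[:1] in (" ", "*") else path
        yield digest.lower(), path


def md5_of(path, chunk=1 << 16):
    # MD5 matches the list format; a locally stored list catches accidental
    # changes only, since whoever can edit the files can edit the list too.
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify(md5sums_text, root):
    """Return {"modified": [...], "missing": [...]} for files under root."""
    report = {"modified": [], "missing": []}
    for digest, rel in parse_md5sums(md5sums_text):
        full = os.path.join(root, rel.lstrip("/"))
        if not os.path.isfile(full):
            report["missing"].append(rel)
        elif md5_of(full) != digest:
            report["modified"].append(rel)
    return report


def demo():
    """Constructed sample: two packaged files, one edited and one deleted."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/bin"))
        files = {"usr/bin/tool": b"#!/bin/sh\necho v1\n", "usr/bin/gone": b"x\n"}
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        listing = "".join(f"{hashlib.md5(d).hexdigest()}  {r}\n" for r, d in files.items())
        with open(os.path.join(root, "usr/bin/tool"), "ab") as f:
            f.write(b"echo patched\n")  # simulate a local hot-fix
        os.remove(os.path.join(root, "usr/bin/gone"))
        return verify(listing, root)
```

Each file is read once and nothing is unpacked, which is the disk-access advantage over the unpack-and-compare approach.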

