
Re: md5sum proposal



Hi,

        Oh no, not again.

>>"Piotr" == Piotr Roszatycki <dexter@fnet.pl> writes:

 Piotr> I think DEBIAN/md5sums file should be required for all packages.
 Piotr> md5sums is very useful for security reasons

        Not really. Any security threat can modify your md5sum file,
 which defeats the security purpose. (Please look into the archives,
 this has been brought up before).

 Piotr> (trojans, fs crash, unexpected file modification) but a lot of
 Piotr> important packages (sysvinit, dpkg, debianutils, bash,
 Piotr> adduser, etc.) don't have this integrity verification.

        Have you looked into tripwire?

 Piotr> I propose any Debian package has to contain md5sums.

        I propose we ask security experts before touting security as a
 reason.

        manoj       
-- 
 College isn't the place to go for ideas. Helen Keller
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
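
Added example, not part of the original message: a Python sketch of the point argued in the reply above, that a checksum list stored on the same writable disk as the files it covers only catches changes made by something that did not also rewrite the list. The file names, sample contents and the `baseline` value (standing in for a digest kept on read-only media or another host) are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path


def md5_of(path):
    return hashlib.md5(Path(path).read_bytes()).hexdigest()


def write_manifest(root, manifest):
    """Write 'digest  relative/path' lines, the layout md5sum(1) emits."""
    files = sorted(p for p in Path(root).rglob("*") if p.is_file())
    lines = [f"{md5_of(p)}  {p.relative_to(root).as_posix()}" for p in files]
    Path(manifest).write_text("\n".join(lines) + "\n")


def verify(root, manifest):
    """Return relative paths whose current digest differs from the manifest."""
    bad = []
    for line in Path(manifest).read_text().splitlines():
        digest, rel = line.split("  ", 1)
        target = Path(root) / rel
        if not target.is_file() or md5_of(target) != digest:
            bad.append(rel)
    return bad


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "root"
        (root / "bin").mkdir(parents=True)
        tool = root / "bin" / "tool"
        tool.write_bytes(b"original contents\n")   # constructed sample file
        manifest = Path(tmp) / "md5sums"           # same writable disk as the files
        write_manifest(root, manifest)
        # Assumption: this digest is stored where the monitored system cannot write.
        baseline = md5_of(manifest)

        clean = verify(root, manifest)             # nothing changed yet
        tool.write_bytes(b"modified contents\n")   # file changed, list untouched
        file_only = verify(root, manifest)         # local check reports the file
        write_manifest(root, manifest)             # list regenerated by the same writer
        after_regen = verify(root, manifest)       # local check is now silent
        manifest_changed = md5_of(manifest) != baseline  # off-host baseline still differs
        return clean, file_only, after_regen, manifest_changed


if __name__ == "__main__":
    print(demo())
```
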

