Re: md5sum proposal
Hi,
Oh no, not again.
>>"Piotr" == Piotr Roszatycki <dexter@fnet.pl> writes:
Piotr> I think DEBIAN/md5sums file should be required for all packages.
Piotr> md5sums is very useful for security reasons
Not really. Any security threat can modify your md5sum file,
which defeats the security purpose. (Please. look into the archives,
this has been brought up before).
Piotr> (trojans, fs crash, unexpected file modification) but a lot of
Piotr> important packages (sysvinit, dpkg, debianutils, bash,
Piotr> adduser, etc.) don't have this integrity verification.
Have you looked into tripwire?
Piotr> I propose any Debian package have to contains md5sums.
I propose we ask security experts before touting security as a
reason.
manoj
--
College isn't the place to go for ideas. Helen Keller
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
Reply to: