Re: md5sum proposal

To: debian-policy@lists.debian.org
Subject: Re: md5sum proposal
From: Manoj Srivastava <srivasta@debian.org>
Date: 17 May 1999 15:27:15 -0500
Message-id: <87zp33xx0c.fsf@glaurung.green-gryphon.com>
In-reply-to: Peter S Galbraith's message of "Mon, 17 May 1999 13:01:40 -0400"
References: <199905171701.NAA00836@mixing.qc.dfo.ca>

Hi,
>>"Peter" == Peter S Galbraith <GalbraithP@dfo-mpo.gc.ca> writes:

 >> After some file system crash or any other seasons I'd like to check
 >> which files are corrupted, i.e. by 'debsums' tool.

 Peter> This reason alone is enough.  I second the motion.

        Why reinvent the wheel and further bloat the packjaging
 system? Tripwire does this just fine. And I would rather we wrote a
 standalone file monitoring system that took into account my
 modifications of config files in /etc (which can't be put into the
 package, since I do modify the files).

        When it comes to security, half bakes solutions are worse than
 none at all. Debsums do not provide any security when it comes to
 package integrity checking, or protection against breaches, and they
 leave exposed the most critical parts of the system -- the config
 files. 

        I think I object to this proposal on technical grounds.

        manoj
-- 
 "Liberty is the mother, not the daughter, of order." Proudhon
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E

Reply to:

Follow-Ups:
- Re: md5sum proposal
  - From: Brock Rozen <brozen@torah.org>
- Re: md5sum proposal
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>

References:
- Re: md5sum proposal
  - From: Peter S Galbraith <GalbraithP@dfo-mpo.gc.ca>

Prev by Date: Re: md5sum proposal
Next by Date: Re: md5sum proposal
Previous by thread: Re: md5sum proposal
Next by thread: Re: md5sum proposal
Index(es):
- Date
- Thread