[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: md5sum proposal



I "second" the objection. I think, that while the md5sum may not do harm
(although if you're relying on it for security reasons you may be
believing files that have been changed) -- I think we need to put more
thought into this (as suggested: tripwire, juliet filesystem, etc) for
many other reasons.

BR

On 17 May 1999 at 15:27, Manoj Srivastava wrote about "Re: md5sum proposal":

> Hi,
> >>"Peter" == Peter S Galbraith <GalbraithP@dfo-mpo.gc.ca> writes:
> 
>  >> After some file system crash or any other seasons I'd like to check
>  >> which files are corrupted, i.e. by 'debsums' tool.
> 
>  Peter> This reason alone is enough.  I second the motion.
> 
>         Why reinvent the wheel and further bloat the packjaging
>  system? Tripwire does this just fine. And I would rather we wrote a
>  standalone file monitoring system that took into account my
>  modifications of config files in /etc (which can't be put into the
>  package, since I do modify the files).
> 
>         When it comes to security, half bakes solutions are worse than
>  none at all. Debsums do not provide any security when it comes to
>  package integrity checking, or protection against breaches, and they
>  leave exposed the most critical parts of the system -- the config
>  files. 
> 
>         I think I object to this proposal on technical grounds.
> 
>         manoj
> 

-- 
Brock Rozen                                              brozen@torah.org
Director of Technical Services                             (410) 602-1350
Project Genesis                                     http://www.torah.org/ 



Reply to: