Re: md5sum proposal
Hi,
>>"Christoph" == Christoph Lameter <christoph@lameter.com> writes:
Christoph> We have tried to get dpkg to do md5sums since over 3 years
Christoph> now.
We? The policy group has in the past rejected this proposal
(it did come up for inclusion in policy a while ago).
Christoph> Given the inertia of the product we have no choice
Christoph> but to continue using what we have. I introduced md5sums
Christoph> only after it became clear that dpkg was an essentially
Christoph> deadbeat package and there was persistent demand for such
Christoph> a feature. Please get dpkg to do md5sums (keep the
Christoph> dream.. err fantasy alive) but until that time we need to
Christoph> keep using md5sums the way they are today.
I have a different memory of events. This proposal was brought
up on this list, and was shot down because
a) It really provides no security.
b) It would bloat the packaging system, when it does not really solve
the problem
c) It does not address the config files, which are quite as critical
-- more critical, in fact, than other files, because other files
can be foxed by reistalling the packages from a known good
archive/CD
d) There are standalone solutions that do a good job -- though we may
need to work on free replacements.
You may continue to prefer to believe (incorrectly, IMHO),
that it is the inertia of dpkg rather than technical flaws that have
kept the md5sums out of policy, but I beg to differ.
Christoph> It is useful and has helped me and others figure out
Christoph> corrupted files in a variety of situations. We are
Christoph> rearguing what has been argued 3 times over
Christoph> before... Situation has not changed so why bother
Christoph> repeating ourselves?
Precisely. You have yet to come up with anything that adresses
the technical shortcomings of the md5sum proposal. I, for one, use
tripwire. I would much prefer to use a free solution, but I do not
have time to write a secure replacement.
manoj
--
The very ink with which all history is written is merely fluid
prejudice. Mark Twain
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
Reply to: