Re: md5sum proposal
Hi,
>>"Peter" == Peter S Galbraith <GalbraithP@dfo-mpo.gc.ca> writes:
Peter> Then why do we half do it already?
I don't. I do not think anyone should. However, I am willing
not to micromanage other developers.
Peter> Is there another reason? (I'm not talking `secure', I'm talking
Peter> help for crash recovery).
This is not a good tool. It does not cover config files, or
/usr/local/, or my home directories. As a local sysadmin, I
can't control what should be watched, and what should not.
>> We all feel that you have a point, but we also see that you can't offer a
>> high quality solution. If you can give us a free clone of tripwire or
>> something like that, we can see what we can do to integrate it into the
>> standard Debian distribution. As Manoj said, (I don't remember the correct
>> words), a half baked solution can be worse than no solution at all.
Peter> Isn't that what we have now? I'd suggest we either have using
Peter> md5sums files for _all_ packages, or remove them (over time) from
Peter> packages that do use them.
I second the latter half. I tried that before, but I did not
have the energy to harangue others.
Peter> I personally think that
Peter> (1) we already use them,
No, *WE* don't.
Peter> (2) they don't hurt and
Yes, they do. They seem to give some (admittedly naive) people
the impression that they are a security tool. The resulting false
sense of security is dangerous.
Peter> (3) they could help.
And they prevent a better tool from being written. One can
start with a script, that looks for trees to watch, and reads in
include and exclude files (regular expressions permitted), and
maintains a db of files configured.
One can build on this basic program until we have a real
security tool. However, until we push for it, it won't be written.
Peter> I don't see this as a half baked solution to helping crash
Peter> recovery.
Sorry. You are not looking hard enough, then.
Peter> Our present state of half the packages using them _is_ half
Peter> baked.
The policy does not state we be including them. Some developers
seem to be including them in -- their package, their choice what does
go in. I agree it is kinda useless.
manoj
--
Do molecular biologists wear designer genes?
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
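
The script sketched in the message above (trees to watch, include and exclude regular expressions, a db of files) could start like this. It is an added example, not code from the thread or from Debian; the function names, the JSON db format and the use of SHA-256 rather than MD5 are assumptions, and the sample tree is constructed.

```python
import hashlib, json, os, re, tempfile
from pathlib import Path

def file_digest(path):
    """SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan(trees, include, exclude):
    """Map path -> digest for files matching an include regex and no exclude regex."""
    inc = [re.compile(p) for p in include]
    exc = [re.compile(p) for p in exclude]
    db = {}
    for tree in trees:
        for root, _dirs, files in os.walk(tree):
            for name in files:
                path = os.path.join(root, name)
                wanted = any(r.search(path) for r in inc) and not any(r.search(path) for r in exc)
                if wanted and os.path.isfile(path) and not os.path.islink(path):
                    db[path] = file_digest(path)
    return db

def compare(baseline, current):
    """Files added, removed or modified relative to the baseline db."""
    return {"added": sorted(set(current) - set(baseline)),
            "removed": sorted(set(baseline) - set(current)),
            "modified": sorted(p for p in set(baseline) & set(current)
                               if baseline[p] != current[p])}

def demo():
    """Constructed sample tree: baseline it, change it, report the drift."""
    with tempfile.TemporaryDirectory() as top:
        def write(rel, text):
            p = Path(top, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(text)
        for rel in ("etc/app.conf", "etc/app.conf.bak", "home/u/notes.txt"):
            write(rel, "original\n")
        rules = dict(trees=[top], include=["^" + re.escape(top) + "/(etc|home)/"], exclude=[r"\.bak$"])
        dbfile = Path(top, "baseline.json")
        dbfile.write_text(json.dumps(scan(**rules)))   # the db of watched files
        write("etc/app.conf", "tampered\n")      # modified
        write("etc/app.conf.bak", "tampered\n")  # excluded, never reported
        write("etc/new.conf", "new\n")           # added
        os.remove(Path(top, "home/u/notes.txt"))  # removed
        report = compare(json.loads(dbfile.read_text()), scan(**rules))
        return {k: [os.path.relpath(p, top) for p in v] for k, v in report.items()}
```

In real use the db belongs on read-only or off-host media, since anyone able to alter the watched files could otherwise alter the db as well.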