[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: md5sum proposal

On 19 May 1999, Manoj Srivastava wrote:

>  Christoph> plus you only have the checksums of the files *after* they
>  Christoph> were unpacked.
> 
>         This is an advantage. This allows me to have the md5sums of
>  the config files after I modified them. This also allows one to add
>  other directories and files to the checked list.

md5sums are a verficiation of permanently installed files guaranteering 
their integrity and not of user customizations. I think those issues need
to be separate.

>  Christoph> With md5sums you have the checksums of the files on the
>  Christoph> *maintainers* system and there is a verification that the
>  Christoph> files are the *same* as the maintainer generated
>  Christoph> them. That is what I want.
> 
>         And you do not trust the md5sum of the .deb (you do check
>  that, don't you?). The md5sum of the .deb file, signed by the
>  maintainer, and accepted by dinstall, guarantees you everything that
>  the md5sum would. Apt even checks the md5sum of the packages
>  downloaded. 

Nope. The md5sum of the deb does not allow me to figure out which
individual file was corrupted.

-----------------------------------------------------------------------------
               Christoph Lameter  (MS CS, M.Div.) http://lameter.com
                 Adjunct Professor (CS & Rel) University of Phoenix
-----------------------------------------------------------------------------
Reply to: