Re: md5sum proposal

To: debian-policy@lists.debian.org
Subject: Re: md5sum proposal
From: Manoj Srivastava <srivasta@debian.org>
Date: 23 May 1999 23:49:46 -0500
Message-id: <87ogjbnkb9.fsf@glaurung.green-gryphon.com>
In-reply-to: Christoph Lameter's message of "Sun, 23 May 1999 14:47:26 -0700 (PDT)"
References: <Pine.LNX.4.10.9905231444400.18734-100000@cyrix200.lameter.com>

Hi,
>>"Christoph" == Christoph Lameter <christoph@lameter.com> writes:

 Christoph> md5sums are a verficiation of permanently installed files
 Christoph> guaranteering their integrity and not of user
 Christoph> customizations. I think those issues need to be separate.

        I really think you are not following the discussion here. We
 all more or less agreed that integrity of packages is adequately
 checked by md5sum on the deb file itself. Now, if you want to have a
 system that checks md5sums as installed on your ,achine, have at it,
 but then, you may as well include the local files.

        Either you trust the package as it is installed, or you
 don't. If you don't trust the package as a whole, trusting the
 internal md5sums is silly.

        It is reasonably fast generating a md5sums file. A simple
 script is all you need. And if you run it after customization, and
 corruptiopn of your local files shall also be detected.

        I am tired of repeating these technical objections over and
 over again.

 Christoph> Nope. The md5sum of the deb does not allow me to figure out which
 Christoph> individual file was corrupted.

        That does it. You really do not listen to the discussions, but
 jump in with your unchanged statements over and oiver again. If you
 want verification of files that have changed, you should create a
 local md5sums repository. 

        Those of us who do care about security already do so, and it
 is a better method, and does not impact people who do not care about
 integrity checking.

        In anycase, builiding it into the packaging system is
 unnecesary, and should be avoided. Keep things simple.

        manoj
-- 
 "But are you not," he said, "a more fiendish disputant than the Great
 Hyperlobic Omni-Cognate Neutron Wrangler of Ciceronicus Twelve, the
 Magic and Indefatigable?"  "The Great Hyperlobic Omni-Cognate Neutron
 Wrangler," said Deep Thought, thoroughly rolling the r's, "could talk
 all four legs off an Arcturan Mega-Donkey -- but only I could
 persuade it to go for a walk afterward." Hitchhiker's Guide to the
 Galaxy
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E

Reply to:

References:
- Re: md5sum proposal
  - From: Christoph Lameter <christoph@lameter.com>

Prev by Date: Bug#38212: debian-policy: [PROPOSAL] rewrite of section 5.7
Next by Date: Bug#38212: debian-policy: [PROPOSAL] rewrite of section 5.7
Previous by thread: Re: md5sum proposal
Next by thread: Re: md5sum proposal
Index(es):
- Date
- Thread