Re: md5sum proposal

To: Branden Robinson <branden@ecn.purdue.edu>
Cc: debian-policy@lists.debian.org, recipient list not shown: ;
Subject: Re: md5sum proposal
From: Christoph Lameter <christoph@lameter.com>
Date: Mon, 24 May 1999 17:19:45 -0700 (PDT)
Message-id: <Pine.LNX.4.10.9905241715310.24712-100000@cyrix200.lameter.com>
In-reply-to: <19990524153535.A1424@ecn.purdue.edu>

On Mon, 24 May 1999, Branden Robinson wrote:

> I will formally oppose any proposal to require md5sums files within Debian
> packages unless it makes absolutely clear that they are not a defense
> against intrusion, but only against "mindless" data corruption like a
> failing hard disk.

Or a virus... usually they are also not that intelligent. Or whatever else
we dont know right now which might modify files in the wrong such as a
broken binary / library. md5sums are not a protection against a hacker who
is an expert at his trade but it is a protection against joe-hacker round
the corner who just replaces a binary. These are the average persons I
have encountered. Plus it is also a protection against myself. On occasion
I have replaced a binary manually to fix a burning issue or for testing 
and forgotten about replacing the original afterwards.

md5sums are a general way to be able to verify the integrity of individual
files and I think we need that.

-----------------------------------------------------------------------------
               Christoph Lameter  (MS CS, M.Div.) http://lameter.com
                 Adjunct Professor (CS & Rel) University of Phoenix
-----------------------------------------------------------------------------

Reply to:

Follow-Ups:
- Re: md5sum proposal
  - From: Manoj Srivastava <srivasta@debian.org>

References:
- Re: md5sum proposal
  - From: Branden Robinson <branden@ecn.purdue.edu>

Prev by Date: PROPOSAL: automatic installation and configuration
Next by Date: Bug#38212: Seconded
Previous by thread: Re: md5sum proposal
Next by thread: Re: md5sum proposal
Index(es):
- Date
- Thread