Re: md5sum proposal
Hi,
I still do not see why this has anything to do with the
packaging system. If all you want is to ensure that the files on your
system have not been modified since the time you installed them (and,
frankly, I think you really really should also look at things like
/etc/hosts.allow et al which are ven more critical), then you should
run a script locally that does that.
Why forther bloat the packaging system?
manoj
>>"Christoph" == Christoph Lameter <christoph@lameter.com> writes:
Christoph> On Mon, 24 May 1999, Branden Robinson wrote:
>> I will formally oppose any proposal to require md5sums files within Debian
>> packages unless it makes absolutely clear that they are not a defense
>> against intrusion, but only against "mindless" data corruption like a
>> failing hard disk.
Christoph> Or a virus... usually they are also not that
Christoph> intelligent. Or whatever else we dont know right now which
Christoph> might modify files in the wrong such as a broken binary /
Christoph> library. md5sums are not a protection against a hacker who
Christoph> is an expert at his trade but it is a protection against
Christoph> joe-hacker round the corner who just replaces a
Christoph> binary. These are the average persons I have
Christoph> encountered. Plus it is also a protection against
Christoph> myself. On occasion I have replaced a binary manually to
Christoph> fix a burning issue or for testing and forgotten about
Christoph> replacing the original afterwards.
Christoph> md5sums are a general way to be able to verify the integrity of individual
Christoph> files and I think we need that.
--
Dead? No excuse for laying off work.
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
Reply to: