
Re: proposed release goal: DEBIAN/md5sums for all packages



On Mon, Aug 27, 2007 at 12:04:51PM +0200, A Mennucc wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Stefano Zacchiroli wrote:
> > In an attempt to prevent drift to a well-known counter argument:
> > DEBIAN/md5sums (used by debsums) are *not* intended as a means to counter
> > security attacks, since they can be easily altered.  
> 
> If md5sums become part of the policy, then this brings me to an old idea
> of mine.
(... idea related to forensic use of md5sums ...)

This we could do already. We don't need md5sums in files, a script could
just generate this for a stable release and publish that file (signed).

Even better, that file could ship whatever hashes we believed were "good
enough" for forensics (MD5? SHA-1? SHA-256?).

I think I already pointed people interested in this to #268658.
If ftpmasters were given the tools to implement this seamlessly then you
could have aside tools that downloaded that file from the FTP site, and
locally checked the md5sums.

Regards

Javier

PS: BTW, if you do this with a searchable web interface you also have to
ensure that you have a trust path to it, that means using SSL with a "good"
certificate.

Attachment: signature.asc
Description: Digital signature
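
As an added illustration of the workflow this message describes (a hash file published for a release and checked locally), not code from the thread or from Debian: a Python checker for such a manifest. The `algo:hexdigest  path` line format and all function names are assumptions of this example, and it presumes the manifest's signature was verified before it is parsed.

```python
import hashlib
import os
import tempfile

def parse_manifest(text):
    """Parse 'algo:hexdigest  relative/path' lines (format assumed for this example)."""
    entries = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        tagged, path = line.split(None, 1)
        algo, digest = tagged.split(":", 1)
        entries.setdefault(path, {})[algo] = digest.lower()
    return entries

def file_digests(path, algos):
    """Hash a file once, feeding every requested algorithm."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}

def check_tree(root, manifest_text):
    """Return {path: 'ok' | 'missing' | 'modified'} for every manifest entry."""
    report = {}
    for rel, expected in parse_manifest(manifest_text).items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            report[rel] = "missing"
        elif file_digests(full, expected) == expected:
            report[rel] = "ok"
        else:
            report[rel] = "modified"
    return report

def demo():
    """Constructed sample: record a small tree, tamper with it, re-check."""
    files = {"bin/ls": b"ls v1\n", "bin/cat": b"cat v1\n", "etc/motd": b"hi\n"}
    with tempfile.TemporaryDirectory() as root:
        lines = []
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
            digests = file_digests(full, ["md5", "sha256"])
            lines += [f"{a}:{d}  {rel}" for a, d in digests.items()]
        with open(os.path.join(root, "bin/ls"), "ab") as fh:
            fh.write(b"extra\n")                    # simulate an altered binary
        os.remove(os.path.join(root, "etc/motd"))  # simulate a removed file
        return check_tree(root, "\n".join(lines))
```

Because the manifest lives outside the system being examined, rewriting the local DEBIAN/md5sums does not hide a change from this check; a file counts as unmodified only when every digest listed for it matches.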

