Re: How to securely verify that package-installed files match originals?

To: Erik Poupaert <erik@sankuru.biz>
Cc: Debian Security <debian-security@lists.debian.org>
Subject: Re: How to securely verify that package-installed files match originals?
From: Georgi Guninski <gguninski@gmail.com>
Date: Fri, 15 Jan 2021 08:31:20 +0200
Message-id: <[🔎] CAGUWgD-Zfg7jTq1vUd6zfvqs-amsNkd=i1fPxp3_Xz62zfLoEw@mail.gmail.com>
In-reply-to: <[🔎] CAFqk0_+6TjhGmBvbgohx9h=2gUNTZ1t1YtEf-6OaHXY5kKvDVA@mail.gmail.com>
References: <[🔎] CAFqk0_+6TjhGmBvbgohx9h=2gUNTZ1t1YtEf-6OaHXY5kKvDVA@mail.gmail.com>

On Thu, Jan 14, 2021 at 12:57 PM Erik Poupaert <erik@sankuru.biz> wrote:
>

> So, I mount the disk of this computer as folder /mnt/audit in my second computer, which I still trust. Now, I want to audit the installation foot print of dpkg in /mnt/audit from this second computer.
>
As pointed by others, integrity of checksums doesn't guarantee lack of
backdoor, since the backdoor can be in other places, not seen by
mount(8).

Reply to:

References:
- How to securely verify that package-installed files match originals?
  - From: Erik Poupaert <erik@sankuru.biz>

Prev by Date: Re: How to securely verify that package-installed files match originals?
Next by Date: Upcoming stable point release (10.8)
Previous by thread: Re: How to securely verify that package-installed files match originals?
Next by thread: Upcoming stable point release (10.8)
Index(es):
- Date
- Thread