
Re: I'm afraid I've been cracked.



Ethan Benson <erbenson@alaska.net> writes:

> > have a similar functionality? I couldn't find mention of it in the man page.
> 
> debsums but like rpm -V it's worthless for security.  only useful for
> finding corruption due to disk crashes and whatnot.

 But this is so easy to fix.

 Consider...

% apt-get install apt
% apt-get install debsums
% debsums -a --from="http"

 The first bit might have to be a bit "magic" in that it'd have to at
least try and cope with apt-get being hacked. But in theory that could
be replaced with a "lynx -dump http://security.debian.org/apt | sh"
à la Helix GNOME.
 However as soon as you trust apt the only thing that needs to be
added is for debsums to check against a debian mirror (and for all the
debian packages to come with md5sums).

-- 
James Antill -- james@and.org
"If we can't keep this sort of thing out of the kernel, we might as well
pack it up and go run Solaris." -- Larry McVoy.
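
Added example (not part of the original message): a minimal Python sketch of the check being proposed, verifying files against a dpkg-style md5sums manifest obtained from a trusted source instead of the copy stored on the possibly compromised disk. The function names, the bin/login path and the file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile


def parse_md5sums(text):
    """Parse dpkg-style md5sums lines ("<md5hex>  <relative/path>") into {path: md5}."""
    manifest = {}
    for line in text.splitlines():
        if line.strip():
            digest, path = line.split(None, 1)
            manifest[path.strip()] = digest.lower()
    return manifest


def verify(root, manifest):
    """Return sorted paths under root that are missing or whose MD5 differs."""
    bad = []
    for rel, expected in manifest.items():
        try:
            with open(os.path.join(root, rel), "rb") as fh:
                actual = hashlib.md5(fh.read()).hexdigest()
        except OSError:
            actual = None  # a missing or unreadable file counts as a mismatch
        if actual != expected:
            bad.append(rel)
    return sorted(bad)


def demo():
    """Constructed scenario: a file and the manifest on the same disk are both replaced."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        target = os.path.join(root, "bin", "login")
        original = b"original packaged contents\n"  # constructed sample data
        with open(target, "wb") as fh:
            fh.write(original)
        # Manifest as published by the trusted source (stands in for the mirror copy).
        trusted = "%s  bin/login\n" % hashlib.md5(original).hexdigest()
        # The file is replaced and the local manifest regenerated to match it.
        tampered = b"replaced contents\n"
        with open(target, "wb") as fh:
            fh.write(tampered)
        local = "%s  bin/login\n" % hashlib.md5(tampered).hexdigest()
        return verify(root, parse_md5sums(local)), verify(root, parse_md5sums(trusted))


if __name__ == "__main__":
    print(demo())  # (mismatches vs. local manifest, mismatches vs. trusted manifest)
```

The result is only as trustworthy as the channel the reference manifest arrives over and the tools running the comparison, which is the "trust apt" condition in the message above.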


