Re: Debian Verification?

To: Colin Watson <cjwatson@debian.org>
Cc: Debian User Mailing List <debian-user@lists.debian.org>
Subject: Re: Debian Verification?
From: "Arthur H. Johnson II" <arthur@usol.com>
Date: Thu, 9 May 2002 06:30:57 -0400 (EDT)
Message-id: <[🔎] Pine.LNX.4.44.0205090629320.7025-100000@cygnus>
In-reply-to: <[🔎] 20020508150519.GB19145@arborlon.riva.ucam.org>

Thank-you.  Yes, a talented cracker could simply modify the databases,
however I hardly ever see this.  Crackers usually don't think about
verification databases in the package manager.  I have caught many a
cracker in RPM this way ;)

-- 
Arthur H. Johnson II
Catechist, St John Catholic Church, Davison MI USA
Debian GNU/Linux Advocate, Window Maker Advocate
President, Genesee County Linux Users Group

IRC:  By-Tor@irc.windowmaker.org,#windowmaker
IRC:  By-Tor@irc.debian.org,#debian
YIM:  arthurjohnson
AIM:  bytor4232
ICQ:  31770438

On Wed, 8 May 2002, Colin Watson wrote:

> On Wed, May 08, 2002 at 10:58:41AM -0400, Arthur H. Johnson II wrote:
> > Is this possible in dpkg?  Can I "verify" debs?  I looked through the man
> > pages and havent seen anything interesting.
>
> debsums, although not all packages provide MD5sums files so you'll have
> to use 'debsums -g' to generate the missing ones. Plans for signed .debs
> have been made and will be implemented at some point.
>
> Of course, this doesn't help you if a cracker alters
> /var/lib/dpkg/info/*.md5sums - but it sounds like 'rpm --verify' has the
> same proviso. The debsums(1) man page talks about this under CAVEATS.
>
>


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Re: Debian Verification?
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Woody install floppies
Next by Date: PS/2 mouse
Previous by thread: Re: Debian Verification?
Next by thread: cron.hourly message
Index(es):
- Date
- Thread