Re: Debian Verification?
Thank-you. Yes, a talented cracker could simply modify the databases,
however I hardly ever see this. Crackers usually don't think about
verification databases in the package manager. I have caught many a
cracker in RPM this way ;)
--
Arthur H. Johnson II
Catechist, St John Catholic Church, Davison MI USA
Debian GNU/Linux Advocate, Window Maker Advocate
President, Genesee County Linux Users Group
IRC: By-Tor@irc.windowmaker.org,#windowmaker
IRC: By-Tor@irc.debian.org,#debian
YIM: arthurjohnson
AIM: bytor4232
ICQ: 31770438
On Wed, 8 May 2002, Colin Watson wrote:
> On Wed, May 08, 2002 at 10:58:41AM -0400, Arthur H. Johnson II wrote:
> > Is this possible in dpkg? Can I "verify" debs? I looked through the man
> > pages and havent seen anything interesting.
>
> debsums, although not all packages provide MD5sums files so you'll have
> to use 'debsums -g' to generate the missing ones. Plans for signed .debs
> have been made and will be implemented at some point.
>
> Of course, this doesn't help you if a cracker alters
> /var/lib/dpkg/info/*.md5sums - but it sounds like 'rpm --verify' has the
> same proviso. The debsums(1) man page talks about this under CAVEATS.
>
>
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: