Re: verifying a Debian package

To: Debian Users <debian-user@lists.debian.org>
Subject: Re: verifying a Debian package
From: David Z Maze <dmaze@debian.org>
Date: Wed, 03 Sep 2003 11:07:07 -0400
Message-id: <[🔎] 878yp59ahw.fsf@everett.mit.edu>
In-reply-to: <[🔎] 20030903104729.GN2761@ganymede> (Karsten M. Self's message of "Wed, 3 Sep 2003 11:47:29 +0100")
References: <[🔎] 20030902232040.GA25300@ucsd.edu> <[🔎] 20030903104729.GN2761@ganymede>

"Karsten M. Self" <kmself@ix.netcom.com> writes:

> Many files within many debian packages _do_ have MD5 sums.  The
> debsums package allows you to validate installed files against an
> md5sum database.  Think through what it is you're trusting when you
> do this.

I've found debsums very useful in recovering from hardware corruption;
it gives me a list of packages where things on the hard drive are
missing or not what's expected.  I wouldn't trust it for trying to
recover a cracked machine, though (it's easy enough for a rootkit to
regenerate the md5sum files if it wants to).

-- 
David Maze         dmaze@debian.org      http://people.debian.org/~dmaze/
"Theoretical politics is interesting.  Politicking should be illegal."
	-- Abra Mitchell

Reply to:

References:
- verifying a Debian package
  - From: Paul Yeatman <pyeatman@ucsd.edu>
- Re: verifying a Debian package
  - From: "Karsten M. Self" <kmself@ix.netcom.com>

Prev by Date: Re: Nagios on Debian
Next by Date: Re: Memory
Previous by thread: Re: verifying a Debian package
Next by thread: Re: verifying a Debian package
Index(es):
- Date
- Thread