[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: announcing the beginning of security support for testing

Could a list of md5sums be provided for this archive, like the file
/debian/indices/md5sums.gz in the main (debian) archive?  With the help
of a simple script, this file allows me to check the package integrity in my
mirror of the main debian archive.  I am hoping that this method can be used
for other archives as well, as an alternative to the currently recommended
checking method.

The problem with the secure-testing checking procedure (which is also used
by security.debian.org and marillat archives) is that it requires apt 0.6.*
Unfortunately, the version of apt in debian testing is only and in
any case it will be a long time before all of my systems run apt version 0.6
or higher.

In addition, the recommended checking procedure only checks packages
during installation, if I understand it correctly -- it cannot check the
inegrity of an entire mirror archive.  For my purposes, I need to check
the integrity of all packages in my local archives, before I attempt to
install them.

Compounding this problem is the fact that rsync to the (primary) secure-testing
archive is disallowed using the -c (checksumming) option, understandably so.
rsync with checksumming has been my workaround with my local debian-security archive.

*See http://www.debian.org/doc/manuals/securing-debian-howto/ch7#s-deb-pack-sign
which is referenced by the Debian security FAQ.

Reply to: