Re: Trying to understand how checksums and signatures work

To: debian-user@lists.debian.org
Subject: Re: Trying to understand how checksums and signatures work
From: Timothy <tim@goddard.net.nz>
Date: Tue, 18 Dec 2007 00:04:28 +1300
Message-id: <[🔎] 200712180004.50242.tim@goddard.net.nz>
In-reply-to: <[🔎] 47660930.7040804@vif.com>
References: <[🔎] 47660930.7040804@vif.com>

On Monday 17 December 2007 18:29:20 Gilles Pelletier wrote:
> I found out the MD5SUMs are in the package itself but where are the
> signatures? I suppose they're in the file that is updated when you do an
> update. But where is this file?

The foo_0.2_arch.changes file for each upload can be signed and contains the 
md5 checksums of the package files. I'm not sure where apt gets a copy of 
this from.

> Why are every file in the package md5summed ? Wouldn't a sum on the
> whole package be enough?

I'm not completely sure but one application I can think of would be to track 
changes or to check easily whether files in two packages are identical. It's 
a bit redundant but where's the harm?

> I had a bad experience while trying to install guarddog on Knoppix
> (installed)this weekend. Synaptic apparently did a full update before
> installing guarddog, even chinese keyboards! That took a long time! It
> was getting late and the fine print was really, really small. At one
> point it asked if I wanted to restart the computer or continue. I was in
> no mood to restart and thought "What the heck, I'll see to this later!"
> 
> When I rebooted I had the message "Starting system log daemon: syslogd"
> and the system hanged there. I rebooted with a Kubuntu Live-CD and tried
> to find an answer to this problem on the net, but in vain. So, I
> rebooted and removed savedefault on the boot prompt. The boot hanged
> very soon. I put back  savedefault, and it finally worked. Lots of
> headaches!
>
> Is there a Linux distro that won't let you continue when you *have* to
> reboot? You know, more foolproof.

You pretty much never have to reboot when running a Linux-based OS. Many 
server admins cannot afford to reboot so anything that tried to force them to 
wouldn't go down well. Knoppix is not really intended to be used as a 
disk-based OS and may be rough around the edges with regards to updating, 
packages, etc as few people will be testing this behaviour. Perhaps you could 
try a proper Debian install?

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

References:
- Trying to understand how checksums and signatures work
  - From: Gilles Pelletier <gpel@vif.com>

Prev by Date: Re: ffmpeg encoding issues & AAC
Next by Date: Re: Trying to understand how checksums and signatures work
Previous by thread: Re: Trying to understand how checksums and signatures work
Next by thread: Re: Trying to understand how checksums and signatures work
Index(es):
- Date
- Thread