
Re: md5sums in security advisories



On Tue, Apr 24, 2001 at 07:12:44PM -0400, Michael Stone wrote:
> 
> nonononono! We *already* have the md5's available in a web-accessible
> form in the mailing list archives. Having them on the wml pages is a Bad
> Thing. There is no associated signature to validate that the md5's
> haven't been tampered with. It is likely that anyone who could modify
> the binaries on pandora could *also* modify the web pages. Adding md5's
> to the web pages is a dangerously misleading false sense of security.
> Anyone who wants this information for the purpose of validating a
> security upload *must* use the pgp-signed version *already available.*
> 
They were requested by Wichert and Joey, so make sure they agree.

At a minimum, there should be a link to the appropriate page in the
list archives.

-- 
James (Jay) Treacy
treacy@debian.org


