Re: per-file checksums in dpkg
'Richard G. Roberto wrote:'
>
>It just seems that dpkg is pretty stable and messing with it
>means messing with "the franchise". I was just wondering what
>anyone thought about adding this functionality without
>encumbering dpkg. Feasable? not feasable? Deisreable? not
>desireable?
I agree. I think the security issues that are most important are best
solved with PGP and md5sums on the files listed in the .dsc. All other
security and data recovery plans that I've seen, are site specific and
should use site specific tools. It's a philosophical choice (of
course): to impose the reasonable policy of chksums on all Debian
users. But I think dpkg shouldn't get involved in the domain of
tripwire and cfengine and friends.
Unix is built on the synergy of small tools each doing its job well.
Not one tool (dpkg) doing everyone's job for them. IMHO!
>Something we need to think about because once its done, undoing
>it would be more difficult.
Indeed.
--
Christopher J. Fearnley | Linux/Internet Consulting
cjf@netaxs.com, cjf@onit.net | UNIX SIG Leader at PACS
http://www.netaxs.com/~cjf | (Philadelphia Area Computer Society)
ftp://ftp.netaxs.com/people/cjf | Design Science Revolutionary
"Dare to be Naive" -- Bucky Fuller | Explorer in Universe
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: