experimental system for per-file checksums
I was one of the people originally opposed to per-file checksums for
binary pacakges. Now that they've been decided upon by fiat power,
I'd like to at least see them implemented in a non-obtrusive fashion.
In particular, I'm hoping to see a per-file checksum system that, like
tripwire, is:
* invisible to the developer
* secure against tampering
* independent of the rest of the packaging system
* optional to the end user and installable at any time
Accordingly, I've uploaded a proposal and proof-of-concept
implementation for a per-file checksum system that I believe to
possess the above four characteristics to
experimental/dpkgcert_0.1-1_i386.deb.
The proposal could be all wet --- I haven't given it anywhere near the
rigorous security review it deserves --- but if not, I think it oculd
make a decent starting point for a decent and non-intrusive per-file
checksum system.
I'd appreciate it if interested parties could take a look at the
proposal (it installs HTML-format documentation in /usr/doc/dpkgcert),
and get back to me with any comments they might have.
Thanks,
- Klee
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: