
experimental system for per-file checksums



I was one of the people originally opposed to per-file checksums for
binary packages.  Now that they've been decided upon by fiat power,
I'd like to at least see them implemented in a non-obtrusive fashion.
In particular, I'm hoping to see a per-file checksum system that, like
tripwire, is:

 * invisible to the developer
 * secure against tampering
 * independent of the rest of the packaging system
 * optional to the end user and installable at any time

Accordingly, I've uploaded a proposal and proof-of-concept
implementation for a per-file checksum system that I believe to
possess the above four characteristics to
experimental/dpkgcert_0.1-1_i386.deb.

The proposal could be all wet --- I haven't given it anywhere near the
rigorous security review it deserves --- but if not, I think it could
make a decent starting point for a decent and non-intrusive per-file
checksum system.

I'd appreciate it if interested parties could take a look at the
proposal (it installs HTML-format documentation in /usr/doc/dpkgcert),
and get back to me with any comments they might have.

Thanks,
 - Klee

