
experimental system for per-file checksums
I've looked at Klee's proposals.  There are a number of interesting
ideas there, but I'm not sure how appropriate the whole thing is.

Klee's scheme seems to me to confuse the issue of verifying the
integrity of the distribution channel from package maintainer to user,
and that of verifying the integrity of a system by comparing it to a
known-good installation's checksums.

The reason I haven't tried to talk Bruce out of per-file checksums in
.deb files is that I think there's a plausible excuse for them as a
time-saving measure: dpkg wouldn't need to compute the md5sum of every
file it installed if the user wanted to see those md5sums.

I think that if you want to verify your system against a known-good
distribution it would be better to have a proper package integrity
mechanism and use that to extract the md5sums file from each package
and store it somewhere.

It seems to me that Klee's proposal fails to achieve its stated
purpose, to protect a machine from internal tampering, because it is
unable to protect the software which would do the verification or the
public keys used to verify the certificates.  If these can be stored
off-line it seems to me that it might make sense just to store all the
md5sums off-line.

Ian.
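
A checker for the scheme the post favours (extract each package's md5sums file, keep it off-line, and compare the installed tree against it), as an added example in Python that is not from the post or from dpkg itself; the function names and the two sample files are this example's own, and it assumes the dpkg md5sums layout of a 32-hex-digit digest, two spaces, then the path relative to the root.

```python
import hashlib
import os
import tempfile

def parse_md5sums(text):
    """dpkg md5sums layout: '<32 hex digits>  <path relative to />' (two spaces)."""
    expected = {}
    for line in text.splitlines():
        if line.strip():
            digest, sep, path = line.partition("  ")
            if not sep or len(digest) != 32:
                raise ValueError("malformed md5sums line: %r" % line)
            expected[path] = digest.lower()
    return expected

def md5_of_file(filename):
    h = hashlib.md5()
    with open(filename, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):  # stream, don't slurp
            h.update(chunk)
    return h.hexdigest()

def verify_tree(root, expected):
    """Classify every recorded path under root as ok, mismatch or missing."""
    report = {"ok": [], "mismatch": [], "missing": []}
    for path, digest in sorted(expected.items()):
        full = os.path.join(root, path)
        if not os.path.isfile(full):
            report["missing"].append(path)
        elif md5_of_file(full) != digest:
            report["mismatch"].append(path)
        else:
            report["ok"].append(path)
    return report

def demo():
    # Constructed fixture: record two files, then alter one and delete the other.
    root = tempfile.mkdtemp()
    files = {"usr/bin/tool": b"#!/bin/sh\necho ok\n", "etc/tool.conf": b"mode=safe\n"}
    for path, data in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, path)), exist_ok=True)
        with open(os.path.join(root, path), "wb") as f:
            f.write(data)
    # Known-good list as extracted from the package; as the post notes, it and this
    # checker only mean something if they are kept where the checked system can't alter them.
    md5sums = "".join("%s  %s\n" % (hashlib.md5(d).hexdigest(), p) for p, d in files.items())
    expected = parse_md5sums(md5sums)
    clean = verify_tree(root, expected)
    with open(os.path.join(root, "usr/bin/tool"), "ab") as f:
        f.write(b"echo changed\n")                     # modified binary -> mismatch
    os.remove(os.path.join(root, "etc/tool.conf"))     # removed file -> missing
    return clean, verify_tree(root, expected)
```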


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com