Re: experimental system for per-file checksums

To: ian@chiark.greenend.org.uk (Ian Jackson)
Cc: debian-devel@lists.debian.org
Subject: Re: experimental system for per-file checksums
From: Chris Fearnley <cjf@netaxs.com>
Date: Fri, 28 Feb 1997 19:52:22 -7700 (EST)
Message-id: <[🔎] 199703010052.TAA02637@unix3.netaxs.com>
In-reply-to: <[🔎] m0vznqG-0004QIC@chiark.greenend.org.uk> from "Ian Jackson" at Feb 26, 97 06:12:00 pm

'Ian Jackson wrote:'
>
>It seems to me that Klee's proposal fails to achieve its stated
>purpose, to protect a machine from internal tampering, because it is
>unable to protect the software which would do the verification or the
>public keys used to verify the certificates.  If these can be stored
>off-line it seems to me that it might make sense just to store all the
>md5sums off-line.

Eurika!  Isn't that the way tripwire does it?  Perhaps sysadmins who
care about this level of security should rely on the tool that works:
tripwire.  And leave dpkg to do what it does best: install and manage
software.

So far I haven't been convinced of anything more than marketing value
re: checksums included in .deb's.

But Ian explains it (and understands it) so much better than me.

-- 
Christopher J. Fearnley            |    Linux/Internet Consulting
cjf@netaxs.com, cjf@onit.net       |    UNIX SIG Leader at PACS
http://www.netaxs.com/~cjf         |    (Philadelphia Area Computer Society)
ftp://ftp.netaxs.com/people/cjf    |    Design Science Revolutionary
"Dare to be Naive" -- Bucky Fuller |    Explorer in Universe

Reply to:

References:
- experimental system for per-file checksums
  - From: Ian Jackson <ian@chiark.greenend.org.uk>

Prev by Date: Re: Packaging HOWTO
Next by Date: Yes, Debian Package Manager handles filesystem exceptions , nicely , (fwd)
Previous by thread: experimental system for per-file checksums
Next by thread: AW: AW: Packages still containing a.out binaries
Index(es):
- Date
- Thread