Re: md5sums (was Re: System integrity...)
On Sun, Jun 13, 1999 at 03:46:42AM +0200, Martin Bialasinski wrote:
<snip>
> CL> What is the criteria that determines which packages get .md5sums
> CL> files stored in /var/lib/dpkg/info/ ??
>
> The file is created during debian/rules binary by dh_md5sums or other
> means.
>
Yes...but I wasn't sure if there was policy requirement for this or not(?).
Or is it just "a good thing"(TM)?
Would it be difficult to extract the md5 information from a debian package
to store in a seperate record on a debian server (similar to package info
stored in the package lists)? We could then enhance debsums to download and
use these records (which would hopefully be free from corruption/error).
This would be particularily usefull for people who want to verify installations
that have been "hacked" (similar to the way tripwire requires a database
on read-only media). Having .md5sums on the local system isn't overly usefull
for this, as they could be as easily modified as any system binaries.
Just a thought....
Chris
--
----------------------------------------------------------------------
As a computer, I find your faith in technology amusing.
----------------------------------------------------------------------
Reply with subject 'request key' for PGP public key. KeyID 0xA9E087D5
Reply to: