Re: System integrity...
Chris Leishman wrote:
> What I propose is to extend the security of Debian. I do not propose an
> "ultimate security solution", but simply a method to increase the security
> debian offers to users. The proposal is as follows:
>
>
> Each package can contain a DEBIAN/md5sums file. This is normally saved
> into /var/lib/dpkg/info on the local machine. What I propose is to
> instead extract this information during dinstall, and save is to a
> <package>-<version>.md5sums file, to live alongside the .deb on the debian
> ftp server. (Alternatively, they could be collected into 1 file, like
> the package list).
I'm not tracking this proposal on the weekly policy summary because as far
as I can see, it has nothing to do with policy per se, it's stricly a debian
mirror thing.
If people disagree with me on this, I'll be happy to track it.
> A version of debsums could then be implemented to connect to the debian
> server (or trusted mirror) and use these .md5sums files to verify the
> majority of the files on a system. The debsums utility could also be
> moved to a boot disk, to guarantee secure operation given a potentially
> damaged machine.
It's worth noting (as I have before) that Jim Dennis (some may know his from
linux gazette as the "answer guy" was/is/may be working on something
similar. His idea was to simply compare a debian cd against the install
system, checking md5sums. It gains you about the same things.
--
see shy jo
Reply to: