On 2008-10-19 at 23:07:46, Sune Vuorela wrote:
> In case of 2, the intruder is more than normally stupid if he gets caught by
> this.

Yes, but as you are probably aware, there are stupid attackers out there :)

> " This may be useful for checking system integrity later, though it "
> "should not be relied on as a security measure."

I agree with you on that point: it's NOT a proper/full security solution.

I think that if you're concerned about security, you should go for something
like samhain, integrit, etc. These solutions are much better for that
purpose.

Where I think I might disagree with you is here: I think that the debsums
checks can still be somewhat useful security-wise. Mostly because of the
fact that it requires no setup of any kind and is automatically updated.

For users who feel that it's too much work and overhead to set up a proper
security solution (a la samhain and friends) and to keep it up to date, then
the simple no-setup debsums check is better than doing no checks at all.

>  "This security check takes some time to run but is highly recommended."

I will concede that perhaps I should have omitted the word "highly" in that
sentence. However, given the number of updates that I have requested from
the translators in the last few weeks, this change will have to wait.

If you'd like to suggest a small blurb that recommends other packages for
making the system properly secure, then I'll be happy to add this to the
README file to make it obvious what the limitations of debsums are and that
there are good protections for those who are willing to put the time in.

> 1) Don't ask this in debconf

It's a medium-level question.

> 2) don't enable such cron run by default

Done (in the upcoming upload).

Francois


