On 04 Dec 2003 02:44:31 +0100, Goswin von Brederlow <[EMAIL PROTECTED]> said:
> "Bernhard R. Link" <[EMAIL PROTECTED]> writes:
>> * Manoj Srivastava <[EMAIL PROTECTED]> [031203 20:12]:
>> > Before we make such a push, we should at least ensure that it
>> > is something we really want to do. I think locally generated
>> > checksums are a better solution.
>>
>> I don't think so. md5-calculation is not the fastest thing
>> (especially on non-i386 it often feels like downloading and
>> installing together needs less time than the md5sum-verification).
>> So this should be switched off, but then it will be missing when
>> one needs them.

> The md5sum file should be generated at build time, signed and only
> the signature kept. The signature is small enough not to cause
> bloat, it can be included in the Package file or a Signatures.gz
> file containing all signatures could be maintained in the archive.

Good, except that now we have no checksum checks for the most
critical files on my system -- the ones that tailor all software
that runs to my environment. Generating the md5sums on install for
at least the conffiles should still be considered, since the
checksums for the conffiles on my system often bear little
resemblance to the md5sums for the conffiles shipped with the
package.

> When one needs to verify the md5sum files can be generated
> (dpkg-repack and then generate them) and compared.

Why dpkg-repack?

__> cat /var/lib/dpkg/info/mailagent.list | while read i; do test -f "$i" \
    && md5sum "$i"; done
c1188623038c4ae8b0b94b7718ed33d4  /usr/bin/mailpatch
448fa9faf25a526231944b5c19d85305  /usr/bin/mailhelp
21da2125bd7dd23885b4ae929187b6a4  /usr/bin/maillist
ffd68a1d6b7e8cc3bf20466fb37ef03d  /usr/bin/maildist
c709fd09363185e556c64be2c81ff6fb  /usr/bin/package
39437a68a2dc5501b3fc37458219fcc8  /usr/bin/edusers
66dbd5e38b2c05241b103db274399576  /usr/bin/mailagent
....

> Or the files can be generated at install time and stored
> too. Intrusion detection systems could use those files then since
> the signature prevents tampering. It would be the users choice.

manoj
--
Now she speaks rapidly. "Do you know *why* you want to program?" He shakes his head. He hasn't the faintest idea. "For the sheer *joy* of programming!" she cries triumphantly. "The joy of the parent, the artist, the craftsman. "You take a program, born weak and impotent as a dimly-realized solution. You nurture the program and guide it down the right path, building, watching it grow ever stronger. Sometimes you paint with tiny strokes, a keystroke added here, a keystroke changed there." She sweeps her arm in a wide arc. "And other times you savage whole *blocks* of code, ripping out the program's very *essence*, then beginning anew. But always building, creating, filling the program with your own personal stamp, your own quirks and nuances. Watching the program grow stronger, patching it when it crashes, until finally it can stand alone -- proud, powerful, and perfect. This is the programmer's finest hour!" Softly at first, then louder, he hears the strains of a Sousa march. "This ... this is your canvas! your clay! Go forth and create a masterwork!"
Manoj Srivastava <[EMAIL PROTECTED]> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
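
The install-time checksum idea discussed in this thread, as an added example that is not part of the original message: it records md5sums for the regular files in a package's file list after a local conffile edit, then reports files that later changed or went missing. The `example` package, its paths and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Paths are constructed; on a Debian system LISTFILE
# would be /var/lib/dpkg/info/<package>.list.

# gen_sums LISTFILE: emit an md5sum manifest for every regular file listed.
# A dpkg .list file also names directories, hence the -f test.
gen_sums() {
    while IFS= read -r path; do
        if [ -f "$path" ]; then md5sum "$path"; fi
    done < "$1"
}

# changed_files MANIFEST: report files that differ from the recorded
# manifest or no longer exist. Prints nothing when everything matches.
changed_files() {
    while read -r want path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
        elif [ "$(md5sum < "$path" | cut -d' ' -f1)" != "$want" ]; then
            echo "CHANGED $path"
        fi
    done < "$1"
}

# demo: build a constructed package tree, record the baseline after the
# admin has tailored the conffile, then alter one file and re-check.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc" "$root/usr/bin"
    echo 'shipped default' > "$root/etc/example.conf"
    printf '#!/bin/sh\n' > "$root/usr/bin/example"
    printf '%s\n' "$root/etc" "$root/etc/example.conf" \
        "$root/usr/bin" "$root/usr/bin/example" > "$root/example.list"

    echo 'locally tailored' > "$root/etc/example.conf"    # admin edit
    gen_sums "$root/example.list" > "$root/example.md5sums"
    baseline=$(changed_files "$root/example.md5sums")      # nothing differs yet

    echo 'unexpected change' >> "$root/usr/bin/example"    # later modification
    after=$(changed_files "$root/example.md5sums" | sed "s|$root||")
    rm -rf "$root"
    printf '%s|%s\n' "$baseline" "$after"
}
demo
```

Because the baseline is taken after the local edit, the tailored conffile verifies cleanly, which a manifest built from the shipped package would not allow. The manifest only helps intrusion detection if it cannot be altered along with the files, which is the role the thread assigns to the signature.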