On Tue, 2010-03-02 at 18:21 -0800, Russ Allbery wrote:
> Wouter Verhelst <wou...@debian.org> writes:
> 
> > Or is it useful to be able to say "if it doesn't check out, it's
> > certainly corrupt, and if it does check out, it may be corrupt"? Didn't
> > think so.
> 
> I don't understand why you say this.  Cryptographic attacks on MD5 aren't
> going to happen as a result of random file corruption.  The MD5 checksums
> are still very effective at finding file corruption or modification from
> what's in the Debian package unless that modification was done by a
> sophisticated attacker (MD5 preimage attacks are still not exactly easy).
> Detecting compromises is useful, but only a small part of what the MD5
> checksums are useful for.  I'd more frequently use them to detect
> well-intentioned but misguided meddling by a local sysadmin.
> 
> I certainly don't object to replacing them with SHA1 hashes, although
> signed deb packages would still be my preferred solution to this problem.

Signed debs may introduce a fake sense of security (only apt repositories
provide security updates). By signing packages, users may assume that a
package is safe when it isn't.

Debian is 15/20 years ahead of commercial operating systems on that
point.

Franklin


Archive: http://lists.debian.org/1267649891.8266.233.ca...@solid.paris.klabs.be
