Harald Braumann wrote:
> On Mon, Mar 08, 2010 at 10:49:54PM -0500, Joey Hess wrote:
> > It's stupid and straightforward to install /usr/local/bin/ls. debsums
> > will not detect it.
>
> And it's as straightforward to find files which don't belong to any
> package and have some other means in place to check locally generated
> files.

I don't want to get dragged into continuing to provide counterexamples,
but it's also fairly easy to modify a file in /etc to provide a backdoor,
such that neither debsums nor cruft will notice it.

-- 
see shy jo