On Mon, May 17, 1999 at 04:42:42PM +0200, Piotr Roszatycki wrote: > I think DEBIAN/md5sums file should be required for all packages.
I think you mean for all packages and all files which they cnotain? Or only the binaries and libraries? > md5sums is very useful for security reasons (trojans, fs crash, > unexpected file modification) but a lot of important packages > (sysvinit, dpkg, debianutils, bash, adduser, etc.) don't have > this integrity verification. Forget security. It does not buy you anything. If someone can change a file owned by root in the file system, he can also change the md5sum file or even the md5sum binary. It is somewhat useful for system recovery, if you had a major crash and need to find out what needs to be reinstalled. But for this reason a joliet file system would do better :) > I propose any Debian package have to contains md5sums. I doubt the usefullness (dpkg is no backup system). But I will not object. Indeed, I see some usefulness, but I want to know more about the drawbacks: How do you want to verify the sums (using cruft, maybe?). How long will it need to check the whole fs, how much disk space will the md5sums occupy. How do you want to store them? Thanks, Marcus -- "The purpose of Free Software is Free Software. The End and the Means are the same." -- Craig Sanders Marcus Brinkmann <[EMAIL PROTECTED]>
