On 18 May 1999, Manoj Srivastava wrote:
> Precisely. You have yet to come up with anything that adresses
> the technical shortcomings of the md5sum proposal. I, for one, use
> tripwire. I would much prefer to use a free solution, but I do not
> have time to write a secure replacement.
Technical shortcomings of the tipwire approach vs. the
intruder-changes-checksums idea are the same plus you only have
the checksums of the files *after* they were unpacked. With md5sums you
have the checksums of the files on the *maintainers* system and there is a
verification that the files are the *same* as the maintainer generated
them. That is what I want.
debian-policy did not exist 3 years ago. And I am just in the process of
getting into things again. Good to hear that none of your arguments have
changed since.
-----------------------------------------------------------------------------
Christoph Lameter, MSCS, M.Div.
-----------------------------------------------------------------------------
