On Mon, 24 May 1999, Branden Robinson wrote:
> I will formally oppose any proposal to require md5sums files within Debian
> packages unless it makes absolutely clear that they are not a defense
> against intrusion, but only against "mindless" data corruption like a
> failing hard disk.
Or a virus... usually they are also not that intelligent. Or whatever else
we dont know right now which might modify files in the wrong such as a
broken binary / library. md5sums are not a protection against a hacker who
is an expert at his trade but it is a protection against joe-hacker round
the corner who just replaces a binary. These are the average persons I
have encountered. Plus it is also a protection against myself. On occasion
I have replaced a binary manually to fix a burning issue or for testing
and forgotten about replacing the original afterwards.
md5sums are a general way to be able to verify the integrity of individual
files and I think we need that.
-----------------------------------------------------------------------------
Christoph Lameter (MS CS, M.Div.) http://lameter.com
Adjunct Professor (CS & Rel) University of Phoenix
-----------------------------------------------------------------------------
