>>"Marcus" == Marcus Brinkmann <[EMAIL PROTECTED]> writes:

Marcus> I think that the checksums should be in the package, and
Marcus> burned on CDs along with the package, so you can verify them
Marcus> more easily.

If the package is signed, or if there is a Packages file on the CD with md5sum of the package in it, you do not need an additional list of explicit md5sums of each and every file in the package. No additional security is gained from that.

Additionally, conffiles are not taken into consideration by these schemes to store checksums on the CD. Tripwire and friends do take care of that, but they have their own problems.

Marcus> Creating them by an untrusted system, and
Marcus> storing them on writable media (even temporarily) is a
Marcus> process which is difficult to harden.

Strawman. If you do not trust the system where you check the md5sums, you can say nothing about the results. If you have a trusted system to do the checking, you can start with a trusted set of .debs and check for modified files.

You are making the argument that the current system leaves you no way to verify files on your box; and really, that is not true. The trade-offs involved here are between size of .debs vs processing in the (rare) occurrence of an integrity check; and not all of us agree that the rare computational penalty is too bad a price to pay in return for the more common saving of space and bandwidth.

However, I could be swayed from my position were I shown hard numbers that demonstrate otherwise -- performance penalties in starting from a verified .deb vs the space consumption of md5sums

manoj

--
I'm So Miserable Without You It's Almost Like Having You Here
    Song title by Stephen Bishop.
She Got the Gold Mine, I Got the Shaft
    Song title by Jerry Reed.
When My Love Comes Back from the Ladies' Room Will I Be Too Old to Care?
    Song title by Lewis Grizzard.
I Don't Know Whether to Kill Myself or Go Bowling
    Unattributed song title.
Drop Kick Me, Jesus, Through the Goal Posts of Life
    Unattributed song title.

Manoj Srivastava <[EMAIL PROTECTED]> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
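
The check described in the message above, starting from a trusted .deb and looking for modified files, sketched as an added example (not part of the original message and not Debian's own tooling). It assumes it runs on a trusted system with the suspect filesystem mounted at `root`, and it compares SHA-256 digests computed on both sides rather than stored md5sums; the function names and the state labels are illustrative.

```python
import hashlib, io, os, sys, tarfile

def ar_members(blob):
    """Yield (name, data) for each member of an ar archive, the .deb container."""
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(blob):
        header = blob[pos:pos + 60]
        name = header[:16].decode().strip().rstrip("/")
        size = int(header[48:58].decode().strip())
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)  # member data is padded to an even length

def open_tar(blob, prefix):
    """Open control.tar.* or data.tar.* (gzip, bzip2 or xz; others not handled here)."""
    data = next(d for n, d in ar_members(blob) if n.startswith(prefix))
    return tarfile.open(fileobj=io.BytesIO(data), mode="r:*")

def sha256_file(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def check_against_deb(deb_path, root="/"):
    """Compare files under root with a trusted .deb; returns {path: state}."""
    with open(deb_path, "rb") as fh:
        blob = fh.read()
    conffiles = set()
    with open_tar(blob, "control.tar") as ctl:
        for m in ctl.getmembers():
            if os.path.normpath(m.name) == "conffiles":
                conffiles = set(ctl.extractfile(m).read().decode().split())
    report = {}
    with open_tar(blob, "data.tar") as data:
        for m in data.getmembers():
            if not m.isfile():
                continue
            path = "/" + os.path.normpath(m.name).lstrip("/")
            want = hashlib.sha256(data.extractfile(m).read()).hexdigest()
            installed = os.path.join(root, path.lstrip("/"))
            if not os.path.isfile(installed):
                report[path] = "missing"
            elif sha256_file(installed) == want:
                report[path] = "ok"
            else:  # conffiles are expected to be edited locally, so flag them apart
                report[path] = "conffile-changed" if path in conffiles else "modified"
    return report

if __name__ == "__main__" and len(sys.argv) > 1:  # usage: script.py pkg.deb [root]
    print("\n".join(f"{s} {p}" for p, s in sorted(check_against_deb(*sys.argv[1:3]).items())))
```

The result is only as trustworthy as the .deb it starts from, so verify that file against a signed Packages entry before running the comparison.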