* andy baxter <[EMAIL PROTECTED]> [070624 18:19]: > I've tried using debsums - however it's not really a good check on your > system because the program and the data it's using both come from the > system you are trying to check, so could be compromised. Also, it seems > to miss out many important packages - e.g. here's the standard error > output from a recent run of debsums on my server:
I had someone in the past considered this, too. First of all debsums's main advantage is looking for unintended changes (and its indeed a shame so many of the important packages come without, that makes bad RAM or unreliable controlers a much larger hassle than they needed to be). To make anything security relevant out of them, the CD would need to have checksums of the contents of those files (for the different versions of the packages) and the missing md5sum files on it. But even that would only make sure none of the official files are changed, while it is more easy to cause harm by simply adding stuff. (Even changing can happen by just uninstalling and puting the stuff manually in there). So the whole thing would have to be combined with something like a security focused checker (perhaps similar to cruft). That together with some code to automatically detect the system and use the right partitions at the right place would surely be a nice tool, but if would for sure be an enourmous amount of work before anything halfly usefull comes out of it. So good luck and let me know when it is finished. (Because I doubt anyone else will find the time to do it). Hochachtungsvoll, Bernhard R. Link -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]