Yes, that is a very good idea!: * debcheckroot with sha256-lists is considerably faster because it does not need to download and unpack all packages
* unknown/forgotten packages of elder versions could still be checked because the sha256sums are not forgotten * You can generate sha256sums incrementally with debcheckroot, i.e. extend an existing list only for the new packages Great! I remember there were semi-public sha256-sum file lists for Windows. Why not have this for important Linux distributions as well? It should not be too hard to do. Furthermore once you have such a sha256-list you are independent from a specific tool. There is no serious checking against malware if you do not have the sha256s!!
