Package: www.debian.org
On the individual package pages (for example <http://packages.debian.org/testing/base/procps>) there are links to show the list of files of this package for every architecture (under the download buttons).

This list is rather useless - it only shows the file name and the package name for every file contained in the package. It should also provide the MD5 hash of every file.

This would help for quick manual checks whether an installed binary was compromised: Boot from a CDROM-based distribution (e.g. Knoppix), run md5sum on the suspect file and compare it to the listing on the package page.

For now I have to download the whole package and extract the control information to get an MD5 string that can be trusted (since /var/lib/dpkg/info/ on that machine might be manipulated too).

Regards,
Ingo
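The manual check described in the report can be scripted once the md5sums file has been extracted from a freshly downloaded package. This is an added example, not part of the original report; the function name `verify_against_md5sums`, its arguments and the mount point in the comments are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the bug report).
# Compare files on a suspect system, mounted read-only from rescue media,
# against the md5sums file taken from a freshly downloaded package:
#   dpkg-deb --control procps.deb ctrl/     # writes ctrl/md5sums
#   verify_against_md5sums ctrl/md5sums /mnt/suspect
# Each md5sums line is "<32 hex digits>  <path relative to />".
verify_against_md5sums() {
    sums=$1     # trusted md5sums file (from the downloaded .deb)
    root=$2     # mount point of the suspect root filesystem
    bad=0
    while read -r want path; do
        [ -n "$want" ] || continue          # skip blank lines
        file="$root/$path"
        # md5sums lists regular files only; a symlink in its place could
        # point outside the mounted root, so it is not hashed.
        if [ -L "$file" ] || [ ! -f "$file" ]; then
            echo "MISSING  $path"
            bad=1
            continue
        fi
        have=$(md5sum < "$file" | cut -d' ' -f1)
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $path"
            bad=1
        fi
    done < "$sums"
    return "$bad"   # 0 = every listed file matches, 1 = at least one problem
}

# Allow use as a script: ./check.sh <md5sums file> <mounted root>
if [ "$#" -eq 2 ]; then
    verify_against_md5sums "$1" "$2"
fi
```

Run it with the `md5sum` binary from the rescue system, never the one on the suspect disk, and never take the md5sums file from the suspect machine's /var/lib/dpkg/info/.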

