Goswin von Brederlow <[EMAIL PROTECTED]>
schrieb am 16.12.2003 19:15:43:
now it is getting clearer. we are talking about different
things.
I'm talking about the md5sums files in the directory
/var/lib/dpkg/info. You talk about the md5 sum of the whole package (MD5sum).
so what I like to say is,
[EMAIL PROTECTED] writes:
> Goswin von Brederlow <[EMAIL PROTECTED]> schrieb am
> 16.12.2003 19:15:43:
> now it is getting clearer. we are talking about different things.
> I'm talking about the md5sums files in the directory
> /var/lib/dpkg/info. You talk about the md5 sum of the whole package
>
On Tuesday 16 December 2003 20:15, Goswin von Brederlow wrote:
--cut--
> > i don't understand your comment above. why is the md5sums file useless
> > and space wasting especially in terms of security? until now, I was of
> > the opinion, that the md5sum gives me the guarantee that a debian package
Thomas Viehmann <[EMAIL PROTECTED]> writes:
>> The md5sum files inside the package as they are now can be generated
>> at install time by anyone who wishes to have them. Security wise they
>> are useless and for accidental corruption they are redundant (since
>> they can be generated at install ti
> The md5sum files inside the package as they are now can be generated
> at install time by anyone who wishes to have them. Security wise they
> are useless and for accidental corruption they are redundant (since
> they can be generated at install time).
>
> Thus they just waste space and bandwith
Scripsit [EMAIL PROTECTED]
> why is the md5sums file useless and space wasting especially in
> terms of security? until now, I was of the opinion, that the md5sum
> gives me the guarantee that a debian package is not penetrated
> before installation
No, that's what the checksum of the entire .deb
> Re: Goswin von Brederlow in <[EMAIL PROTECTED]>
Why not set it so they are generated when a package is created?
Am I understanding correctly?
And then they could b gpg signed by the developer???
This adds one more check to the security of the system.
I used debsums just a few days to determine if
Re: Goswin von Brederlow in <[EMAIL PROTECTED]>
> The md5sum files inside the package as they are now can be generated
> at install time by anyone who wishes to have them. Security wise they
> are useless and for accidental corruption they are redundant (since
> they can be generated at install tim
David Weinehall <[EMAIL PROTECTED]> writes:
> On Sun, Dec 14, 2003 at 03:30:46PM +0100, Bernhard R. Link wrote:
> > * Bruno Rodrigues <[EMAIL PROTECTED]> [031213 19:50]:
> > > Goswin von Brederlow <[EMAIL PROTECTED]> wrote:
> > > > Some packages have a useless and space wasting md5sums file inside
>My point exactly, even though I tried to make it through irony.
Which enhances your point for those who understand but might get your voice
ignored
for those who don't.
Maybe I'm just overcautious because I've just experienced a bad case of "vocal
minority (1.5%) get's their way because they're m
On Sun, Dec 14, 2003 at 07:24:40PM +0100, Thomas Viehmann wrote:
> David Weinehall wrote:
> > And documentation? Hell, use the source-code.
> Source code? Who needs source code?
>
> Seriously: I've had some problems with file system corruption every now
> and then. The md5sums are a nice way to c
David Weinehall wrote:
> And documentation? Hell, use the source-code.
Source code? Who needs source code?
Seriously: I've had some problems with file system corruption every now
and then. The md5sums are a nice way to check whether the basic binaries
on the disk are still what I'd like them to b
On Sun, Dec 14, 2003 at 03:30:46PM +0100, Bernhard R. Link wrote:
> * Bruno Rodrigues <[EMAIL PROTECTED]> [031213 19:50]:
> > Goswin von Brederlow <[EMAIL PROTECTED]> wrote:
> > > Some packages have a useless and space wasting md5sums file inside the
> > > package. Due to its uselessness the exista
* Bruno Rodrigues <[EMAIL PROTECTED]> [031213 19:50]:
> Goswin von Brederlow <[EMAIL PROTECTED]> wrote:
> > Some packages have a useless and space wasting md5sums file inside the
> > package. Due to its uselessness the existance is rather a bug than its
> > omission.
> >
> > Please close this bug,
Goswin von Brederlow <[EMAIL PROTECTED]> wrote:
> [EMAIL PROTECTED] writes:
>
>> Subject: general: no md5sums for many packages (e.g. bc)
>> Package: general
>> Version: N/A; reported 2003-12-12
>> Severity: normal
>> Tags: security
>
> Every package has a md5sum in the Package file.
>
> Some pa
Processing commands for [EMAIL PROTECTED]:
> tags 223772 - security
Bug#223772: general: no md5sums for many packages (e.g. bc)
Tags were: security
Tags removed: security
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system administrator
(admin
16 matches
Mail list logo
