Tom Allison <[EMAIL PROTECTED]> writes: > I was just reading slashdot about the Debian distro and there was > some discussion about the md5 signature of packages. > > Is there some way that this (is already or can be) implimented by > default on package installations?
It's largely a matter of the maintainer generating the md5sum information when they build the package; debsums(1) also has a fragment you can drop in your APT configuration to generate md5sum data for packages that don't include it. But do note that this is isn't necessarily useful for security. If your machine has been compromised, you could be checking with a compromised debsums or md5sum program, or the attacker can overwrite the debsums md5sum files. It *is* useful if you have questionable hardware and want to see what installed packages are damaged. -- David Maze [EMAIL PROTECTED] http://people.debian.org/~dmaze/ "Theoretical politics is interesting. Politicking should be illegal." -- Abra Mitchell -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
