* Chad Walstrom <[EMAIL PROTECTED]> [031202 18:14]:
> I'm not following your logic, if that's what you call it. You're saying
> that checking the current filesystem on a daily basis is NOT a good way
> to verify filesystem integrity?
I say it won't give you an real advantage over checking the *.m
Chad Walstrom <[EMAIL PROTECTED]> writes:
> On Tue, Dec 02, 2003 at 02:01:23PM +0100, Bernhard R. Link wrote:
> > > A true IDS is needed, such as aide, tripwire, or cfengine to detect
> > > post-installation intrusion. Tie in aide or tripwire database
> > > checks/updates with the apt.conf "PostI
On Tue, Dec 02, 2003 at 02:01:23PM +0100, Bernhard R. Link wrote:
> > A true IDS is needed, such as aide, tripwire, or cfengine to detect
> > post-installation intrusion. Tie in aide or tripwire database
> > checks/updates with the apt.conf "PostInst" option in addition to a
> > daily cronjon to e
* Chad Walstrom <[EMAIL PROTECTED]> [031201 22:28]:
> md5sums and signatures are most useful in the context of installation.
> Post-installation, you cannot be guaranteed that an intrusion rootkit
> doesn't compromise the md5sum files themselves. Using the installed
> *.md5sum files to check the in
Eduard Bloch <[EMAIL PROTECTED]> writes:
> Moin Goswin!
> Goswin von Brederlow schrieb am Tuesday, den 02. December 2003:
>
> > > I would like to see the following things happen:
> > >
> > > - current md5sums file in control.tar.gz should contain
> > >checksums of really all files
> > > -
Moin Goswin!
Goswin von Brederlow schrieb am Tuesday, den 02. December 2003:
> > I would like to see the following things happen:
> >
> > - current md5sums file in control.tar.gz should contain
> >checksums of really all files
> > - a signature of the md5sums file should be stored either in
christophe barbe <[EMAIL PROTECTED]> writes:
> On Mon, Dec 01, 2003 at 09:11:52PM +0100, Andreas Barth wrote:
> > > Before mass bug-filling, it would be necessary to make it mandatory
> > > which unfortunately is not the case right now afaik.
> >
> > Severity: wishlist
> > Where is the problem?
Eduard Bloch <[EMAIL PROTECTED]> writes:
> #include
> John Goerzen schrieb am Monday, den 01. December 2003:
>
> > Debsigs generates its signature by effectively cating the control and
> > data components of the ar file together, running that through gpg, and
> > storing the resulting signature
On Mon, Dec 01, 2003 at 09:11:52PM +0100, Andreas Barth wrote:
> > Before mass bug-filling, it would be necessary to make it mandatory
> > which unfortunately is not the case right now afaik.
>
> Severity: wishlist
> Where is the problem?
Waste of time ?
If it's not mandatory, a full coverage wi
On Mon, Dec 01, 2003 at 06:08:28PM +0100, Eduard Bloch wrote:
> Kinda off-topic but nowhere in the discussion the question of checking
> already installed files was adressed and it should be asked:
md5sums and signatures are most useful in the context of installation.
Post-installation, you cannot
* christophe barbe ([EMAIL PROTECTED]) [031201 20:10]:
> On Mon, Dec 01, 2003 at 07:43:17PM +0100, Michael Ablassmeier wrote:
> > Unfortunately many Maintainers do not use "dh_md5sums" to ship
> > an .md5sums File in their Package(s). This makes it harder to
> > check the already installed Files on
On Mon, 01 Dec 2003, christophe barbe wrote:
> Before mass bug-filling, it would be necessary to make it mandatory
> which unfortunately is not the case right now afaik.
Deployment plan for md5sums everywhere:
1. List packages that do not have a md5sum included.
For every package in the list:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, Dec 01, 2003 at 01:56:09PM -0500, christophe barbe wrote:
> Before mass bug-filling, it would be necessary to make it mandatory
> which unfortunately is not the case right now afaik.
No, it is not mandatory. However, it would be a nice Wishli
On Mon, Dec 01, 2003 at 07:43:17PM +0100, Michael Ablassmeier wrote:
> Unfortunately many Maintainers do not use "dh_md5sums" to ship
> an .md5sums File in their Package(s). This makes it harder to
> check the already installed Files on a Debian installation.
>
> I think, at least Packages like "d
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
hi Eduard,
On Mon, Dec 01, 2003 at 06:08:28PM +0100, Eduard Bloch wrote:
> - current md5sums file in control.tar.gz should contain
>checksums of really all files
Unfortunately many Maintainers do not use "dh_md5sums" to ship
an .md5sums File in
#include
John Goerzen schrieb am Monday, den 01. December 2003:
> Debsigs generates its signature by effectively cating the control and
> data components of the ar file together, running that through gpg, and
> storing the resulting signature data in a new component of the ar file.
> I did test t
16 matches
Mail list logo