[vox-tech] possible rooted system / checking md5sum on debian
vox-tech@lists.lugod.org
vox-tech@lists.lugod.org
Sun, 6 Oct 2002 10:33:45 -0700
Not a direct answer to your Q, but related.
After installation of packages, AIDE or tripwire can help to check for
file mods with md5 This does nothing for checking the package before you
install it though. :-(
I dont know of a system to check for MD5 sums of all debain packages and
verify. There have been discussions about how to have cert signing of
packages, but who would be a central authority to sign packages? GPG
might allow for a decentralized, distributed signing system, but it has
drawbacks too. :-(
In some ways, MD5 is not as secure as gpg signed packages, but imagine
the keyring!
Sorry I dont have an answer for you, but I would like to see what other
people say.
-ME
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ PGP++
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
On Sun, Oct 06, 2002 at 10:14:41AM -0700, Peter Jay Salzman wrote:
> is there any automated way to check md5sums of all packages that provide
> binaries for debian packages?
>
> someone mentioned that there was talk about this as a new feature for
> apt-get.
>
> i _really_ don't want satan to be rooted.
>
> pete
>
> ----- Forwarded message from paolo <paolo@xcf.berkeley.edu> -----
>
> Date: Sat, 5 Oct 2002 21:34:20 -0700 (PDT)
> From: paolo <paolo@xcf.berkeley.edu>
> To: Peter Jay Salzman <p@dirac.org>
> Cc: <linux@csua.berkeley.edu>
> Subject: Re: debian archive
>
> it was rooted.
> i would md5 your binaries to make sure you're ok.
> (i'm in the process of doing same)
>
> On Sat, 5 Oct 2002, Peter Jay Salzman wrote:
>
> > hi there,
> >
> > you're my favorite debian mirror, but linux.csua.berkeley.edu seems
to
> > not be responding to apt-get update for the past few days.
> >
> > has the mirror been taken down? are you having server troubles?
> >
> > thanks!
> > pete
> >
> >
>
>
> ----- End forwarded message -----
>
> --
> Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CM$/IT$/LS$/S/O$ !d--(++) !s !a+++(-----) C++$(++++) U++++$(+$) P+$>+++
L+++$(++) E W+++$(+) N+ o K w+$>++>+++ O-@ M+$ V-$>- !PS !PE Y+ PGP++
t@-(++) 5+@ X@ R- tv- b++ DI+++ D+ G--@ e+>++>++++ h(++)>+ r*>? z?
------END GEEK CODE BLOCK------
decode: http://www.ebb.org/ungeek/ about: http://www.geekcode.com/geek.html
Campus IT(/OS Security): Operating Systems Support Specialist Assistant