Hello On Tue, Oct 18, 2005 at 05:33:55PM +0200, Daniel Leidert wrote: > Package: debarchiver > Version: 0.5.3 > Severity: wishlist > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello, > > Now that we are able to create signed archives, we can think about > adding an integrity check, which should be passed before everything > else. Let's say, that one package is manipulated at the server. Running > debarchiver as a cron-job currently makes it impossible to detect such a > manipulation, because it does not check the integrity of an archive, > before it updates the index files. So I think, we should add an integrity > check. If the check is not successful, debarchiver should create a > warn-mail and send it to a special address but reject all other jobs. > > Does that make sense? Or is such a check maybe useless?
It makes sense to me. I currently do not have time to implement it but patches are always welcome! :) Regards, // Ola > Regards, Daniel > > > - -- System Information: > Debian Release: testing/unstable > APT prefers unstable > APT policy: (850, 'unstable'), (700, 'testing'), (550, 'stable'), (500, > 'oldstable'), (110, 'experimental') > Architecture: i386 (i686) > Shell: /bin/sh linked to /bin/bash > Kernel: Linux 2.6.12.09050927 > Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) > > Versions of packages debarchiver depends on: > ii adduser 3.67.2 Add and remove users and groups > ii apt-utils 0.6.41 APT utility programs > ii dpkg-dev 1.13.11 package building tools for Debian > ii opalmod 0.1.13 A set of Perl modules for > various > > debarchiver recommends no packages. > > - -- no debconf information > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2 (GNU/Linux) > > iD8DBQFDVRXjdg0kG0+YFBERAuvlAJ91BPsQBHFMmg9JZjmPfhARId/HiACfX3hU > geXDaDqX2BJc59Um8z0bGIQ= > =vKpr > -----END PGP SIGNATURE----- > > -- --------------------- Ola Lundqvist --------------------------- / [EMAIL PROTECTED] Annebergsslingan 37 \ | [EMAIL PROTECTED] 654 65 KARLSTAD | | +46 (0)54-10 14 30 +46 (0)70-332 1551 | | http://www.opal.dhs.org UIN/icq: 4912500 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / --------------------------------------------------------------- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
