On Tuesday 16 December 2003 20:15, Goswin von Brederlow wrote:
--cut--
> > I don't understand your comment above. Why is the md5sums file useless
> > and space wasting especially in terms of security? Until now, I was of
> > the opinion that the md5sum gives me the guarantee that a Debian package
> > is not penetrated before installation and further - after having the
> > packages installed on a machine - the md5sum files give me the confidence
> > that the Debian binaries are correct and consistent.
>
> Any attacker would surely change the md5sums file along with changing
> the actual files. Nothing guards against the md5sums file getting
> changed intentionally or accidentally.

That's true because everyone could use md5sum to generate the sum of an arbitrary file, but just one person has access to his/her private key to sign with.

> Only the global md5sum in the Packages file says the file got not
> changed since, well, since the Packages file was generated. Since
> nothing checks the Release.gpg signature (without apt-secure
> installed) that's not much more secure either. But you can make sure
> it's not changed since ftp-master.debian.org generated the file.

So what is the plan from now on:

1. integrate only apt-secure patch into main apt - to complete the chain of trust via vendors.list.
2. accept dpkg-sig package recently introduced - to create and verify signatures on .deb-files
3. do both

Note that implementing just 1. would not suffice since installations via dpkg -i will not check the signatures.

--
pub 4096R/0E4BD0AB 2003-03-18 <keyserver.bu.edu>
1AE7 7C66 0A26 5BFF DF22 5D55 1C57 0C89 0E4B D0AB
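
The difference discussed in this thread, as an added example that is not part of the original messages: a digest list shipped inside a package catches accidental corruption but not a change that regenerates the list, while a digest held outside the package catches both. The package model, file names and sample contents are constructed, and `TRUSTED_DIGEST` is assumed to come from a Packages file whose Release.gpg signature was verified.

```python
import hashlib

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def build_package(files: dict) -> dict:
    """Model of a .deb: payload files plus an md5sums list generated from them."""
    listing = "".join(f"{md5_hex(body)}  {path}\n" for path, body in sorted(files.items()))
    return {"files": dict(files), "md5sums": listing}

def package_digest(pkg: dict) -> str:
    """One digest over the whole package, the role of the md5sum in the Packages file."""
    h = hashlib.md5()
    for path, body in sorted(pkg["files"].items()):
        h.update(path.encode() + b"\0" + body + b"\0")
    h.update(pkg["md5sums"].encode())
    return h.hexdigest()

def embedded_md5sums_ok(pkg: dict) -> bool:
    """Check files against the md5sums list that ships inside the same package."""
    for line in pkg["md5sums"].splitlines():
        digest, path = line.split("  ", 1)
        if path not in pkg["files"] or md5_hex(pkg["files"][path]) != digest:
            return False
    return True

def index_digest_ok(pkg: dict, trusted_digest: str) -> bool:
    """Check the package against a digest obtained outside the package."""
    return package_digest(pkg) == trusted_digest

# Constructed sample data.
ORIGINAL = build_package({"usr/bin/tool": b"#!/bin/sh\necho hello\n"})
# Assumption: this value was read from a Packages file with a verified signature.
TRUSTED_DIGEST = package_digest(ORIGINAL)
# Accidental change: file content differs, md5sums list is the old one.
CORRUPTED = {"files": {"usr/bin/tool": b"#!/bin/sh\necho hellp\n"},
             "md5sums": ORIGINAL["md5sums"]}
# Intentional change: md5sums list regenerated together with the file.
MODIFIED = build_package({"usr/bin/tool": b"#!/bin/sh\necho changed\n"})

def compare() -> dict:
    cases = {"original": ORIGINAL, "corrupted": CORRUPTED, "modified": MODIFIED}
    return {name: (embedded_md5sums_ok(p), index_digest_ok(p, TRUSTED_DIGEST))
            for name, p in cases.items()}

if __name__ == "__main__":
    for name, (embedded, index) in compare().items():
        print(f"{name:10} embedded md5sums: {embedded}  trusted index digest: {index}")
```

The external digest is only as trustworthy as the way it was obtained, which is why the thread ties it to checking the Release.gpg signature.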