Peter Samuelson wrote: > The thing is, if you're checking your system, you have to have > something to check it against. If this is the md5sums file in > /var/lib/dpkg/info, it doesn't matter whether it's included in the > package. But if you're using the copy from the .deb (because, say, you > don't trust your /var), it wouldn't be much harder to do 'dpkg-deb > --extract' and then md5sum the extracted directory, than to do > 'dpkg-deb --control' and read DEBIAN/md5sums.
It's even easier to do: dpkg --fsys-tarfile $deb | tar -C / -d However, not all machines have the luxury of being able to store the orignal .debs in /var, or of being able to redownload the same debs. -- see shy jo
signature.asc
Description: Digital signature