-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Justin Ryan wrote: > Use both! One advantage of debsums is that you can compare md5sums > against a package, rather than just the system db. If you fear that > something may have been modified, you can download the .deb file and > bypass anything that an attacker could modify. Of course, the debsums > binary could be modified to never report that anything has changed, but > every little bit helps..
This isn't really reliable, because many important packages lack md5sums. AFAIR it is optional to generate the md5sums in packages. - - Alexander - -- "fighting for peace is like fucking for virginity" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE9kYSxFBE43aPkXWYRAn+sAJ93CgkgTYxI/nLRAWfXLQvDt+dxywCfVEWb 04jukmfaQ7bey0kHGEnM3y4= =y/CA -----END PGP SIGNATURE-----