Thank-you. Yes, a talented cracker could simply modify the databases, however I hardly ever see this. Crackers usually don't think about verification databases in the package manager. I have caught many a cracker in RPM this way ;)
-- Arthur H. Johnson II Catechist, St John Catholic Church, Davison MI USA Debian GNU/Linux Advocate, Window Maker Advocate President, Genesee County Linux Users Group IRC: [EMAIL PROTECTED],#windowmaker IRC: [EMAIL PROTECTED],#debian YIM: arthurjohnson AIM: bytor4232 ICQ: 31770438 On Wed, 8 May 2002, Colin Watson wrote: > On Wed, May 08, 2002 at 10:58:41AM -0400, Arthur H. Johnson II wrote: > > Is this possible in dpkg? Can I "verify" debs? I looked through the man > > pages and havent seen anything interesting. > > debsums, although not all packages provide MD5sums files so you'll have > to use 'debsums -g' to generate the missing ones. Plans for signed .debs > have been made and will be implemented at some point. > > Of course, this doesn't help you if a cracker alters > /var/lib/dpkg/info/*.md5sums - but it sounds like 'rpm --verify' has the > same proviso. The debsums(1) man page talks about this under CAVEATS. > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]