Hello
On Tue, Oct 18, 2005 at 05:33:55PM +0200, Daniel Leidert wrote:
> Package: debarchiver
> Version: 0.5.3
> Severity: wishlist
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hello,
>
> Now that we are able to create signed archives, we can think about
> adding an integrity check, which should be passed before everything
> else. Let's say, that one package is manipulated at the server. Running
> debarchiver as a cron-job currently makes it impossible to detect such a
> manipulation, because it does not check the integrity of an archive,
> before it updates the index files. So I think, we should add an integrity
> check. If the check is not successful, debarchiver should create a
> warn-mail and send it to a special address but reject all other jobs.
>
> Does that make sense? Or is such a check maybe useless?
It makes sense to me. I currently do not have time to implement it but
patches are always welcome! :)
Regards,
// Ola
> Regards, Daniel
>
>
> - -- System Information:
> Debian Release: testing/unstable
> APT prefers unstable
> APT policy: (850, 'unstable'), (700, 'testing'), (550, 'stable'), (500,
> 'oldstable'), (110, 'experimental')
> Architecture: i386 (i686)
> Shell: /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.12.09050927
> Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)
>
> Versions of packages debarchiver depends on:
> ii adduser 3.67.2 Add and remove users and groups
> ii apt-utils 0.6.41 APT utility programs
> ii dpkg-dev 1.13.11package building tools for Debian
> ii opalmod 0.1.13 A set of Perl modules for
> various
>
> debarchiver recommends no packages.
>
> - -- no debconf information
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.2 (GNU/Linux)
>
> iD8DBQFDVRXjdg0kG0+YFBERAuvlAJ91BPsQBHFMmg9JZjmPfhARId/HiACfX3hU
> geXDaDqX2BJc59Um8z0bGIQ=
> =vKpr
> -END PGP SIGNATURE-
>
>
--
- Ola Lundqvist ---
/ [EMAIL PROTECTED] Annebergsslingan 37 \
| [EMAIL PROTECTED] 654 65 KARLSTAD |
| +46 (0)54-10 14 30 +46 (0)70-332 1551 |
| http://www.opal.dhs.org UIN/icq: 4912500 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]