[debhelper-devel] Request to re-open "Bug#540215: Introduce dh_checksums" discussion
Andrew Pollock
apollock at debian.org
Mon Jul 6 23:29:14 UTC 2015
On Mon, Jul 06, 2015 at 01:11:04PM -0400, Mimi Zohar wrote:
> Hi!
>
> When I opened the "Bug#766267: debhelper: add file signature support
> in .deb packages" feature request for adding file signatures to debian
> packages, I wasn't aware Franklin Liat submitted a feature request in
> 2010 for sha256 support - Bug#540215: Introduce dh_checksums.
> Unfortunately, I only came across the discussion recently.
>
> There was a rather long discussion at the time as to whether larger file
> hashes provide any additional security. Franklin's summary of the
> discussion is available here:
> https://lists.debian.org/debian-devel/2010/03/msg00971.html
>
> Since that discussion in 2010, the linux-integrity subsystem has matured
> and can now be configured to verify and enforce local file integrity
> based on file signatures. I would like to re-open the discussion for
> including larger file hashes and file signatures in deb packages.
I'm personally in favour of it, as I'd like to see Debian be IMA-capable by
default. I've started fleshing out an argument for trying to convince the
kernel maintainers to enable IMA in the kernel in
https://wiki.debian.org/Debate/CONFIG_IMA
Contributions for and against are welcome.
regards
Andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/debhelper-devel/attachments/20150706/a02c309b/attachment.sig>
More information about the debhelper-devel
mailing list