[debhelper-devel] Request to re-open "Bug#540215: Introduce dh_checksums" discussion

Andrew Pollock apollock at debian.org
Mon Jul 6 23:29:14 UTC 2015


On Mon, Jul 06, 2015 at 01:11:04PM -0400, Mimi Zohar wrote:
> Hi!
> 
> When I opened the "Bug#766267: debhelper: add file signature support
> in .deb packages" feature request for adding file signatures to debian
> packages, I wasn't aware Franklin Liat submitted a feature request in
> 2010 for sha256 support -  Bug#540215: Introduce dh_checksums.
> Unfortunately, I only came across the discussion recently.
> 
> There was a rather long discussion at the time as to whether larger file
> hashes provide any additional security.  Franklin's summary of the
> discussion is available here:
> https://lists.debian.org/debian-devel/2010/03/msg00971.html
> 
> Since that discussion in 2010, the linux-integrity subsystem has matured
> and can now be configured to verify and enforce local file integrity
> based on file signatures.   I would like to re-open the discussion for
> including larger file hashes and file signatures in deb packages.

I'm personally in favour of it, as I'd like to see Debian be IMA-capable by
default. I've started fleshing out an argument for trying to convince the
kernel maintainers to enable IMA in the kernel in
https://wiki.debian.org/Debate/CONFIG_IMA

Contributions for and against are welcome.

regards

Andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/debhelper-devel/attachments/20150706/a02c309b/attachment.sig>


More information about the debhelper-devel mailing list