Martin Zobel-Helas
2006-Mar-13 12:28 UTC
[Secure-testing-team] Re: announcing the beginning of security support for testing
Hi Marty, On Monday, 12 Sep 2005, you wrote:> Could a list of md5sums be provided for this archive, like the file > /debian/indices/md5sums.gz in the main (debian) archive? With the help > of a simple script, this file allows me to check the package integrity in my > mirror of the main debian archive. I am hoping that this method can be used > for other archives as well, as an alternative to the currently recommended > checking method.i added the md5sums file. It should be indices/md5sums.gz with the next run of dinstall.> Compounding this problem is the fact that rsync to the (primary) > secure-testing > archive is disallowed using the -c (checksumming) option, understandably so. > rsync with checksumming has been my workaround with my local > debian-security archive.Allowing -c option for rsync adds WAYS TOO MUCH load to the server, so please accept that we will not enable that on the server. Greetings Martin
Marty
2006-Mar-13 12:28 UTC
[Secure-testing-team] Re: announcing the beginning of security support for testing
Could a list of md5sums be provided for this archive, like the file /debian/indices/md5sums.gz in the main (debian) archive? With the help of a simple script, this file allows me to check the package integrity in my mirror of the main debian archive. I am hoping that this method can be used for other archives as well, as an alternative to the currently recommended checking method. The problem with the secure-testing checking procedure (which is also used by security.debian.org and marillat archives) is that it requires apt 0.6.* Unfortunately, the version of apt in debian testing is only 0.5.28.6 and in any case it will be a long time before all of my systems run apt version 0.6 or higher. In addition, the recommended checking procedure only checks packages during installation, if I understand it correctly -- it cannot check the inegrity of an entire mirror archive. For my purposes, I need to check the integrity of all packages in my local archives, before I attempt to install them. Compounding this problem is the fact that rsync to the (primary) secure-testing archive is disallowed using the -c (checksumming) option, understandably so. rsync with checksumming has been my workaround with my local debian-security archive. *See http://www.debian.org/doc/manuals/securing-debian-howto/ch7#s-deb-pack-sign which is referenced by the Debian security FAQ.