Package: mathematica-fonts
Version: 9
Severity: important
Hi.
I'm currently looking at some Debian packages which are downloading
(and afterwards installing) stuff from the internet.
It seems that you verify the downloaded file via MD5... may I suggest
the following in addition:
1) Don't use MD5 but something better (SHA512)... MD5 is insecure,..
(that's why I've set the priority important (to make sore to get your
attention ;) )
2) Give a more instructive warning in case of checksum mismatches,...
perhaps inform the user, that this might be a (prevented) security
incident.
3) Make the package installation fail if there was a checksum
mismatch, and delete all potentially corrupted files.
Thanks and best wishes,
Chris.
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30-heisenberg (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages mathematica-fonts depends on:
ii debconf [debconf-2.0] 1.5.27 Debian configuration
management sy
ii defoma 0.11.10-1 Debian Font Manager --
automatic f
ii unzip 6.0-1 De-archiver for .zip files
mathematica-fonts recommends no packages.
mathematica-fonts suggests no packages.
-- debconf information:
* mathematica-fonts/accept_license: true
* mathematica-fonts/http_proxy:
* mathematica-fonts/license:
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
