Although debian packages may contain md5sums it seems package verification is
not available (unless I have missed something).
Although your proposition seems more complete, have you try debsums and checksecurity? debsums with the following feature in /etc/apt/apt.conf
DPkg::Post-Invoke {
"debsums --generate=nocheck -sp /var/cache/apt/archives";
};Can be very handy in creating md5sums (BTW, I think it's a bug against policy to include md5sums in control files).
Ciao!
Fabien
