Why are there no md5 sums for binutils package? (GNU linker and assembler)
The binutils package includes core binary utilities like /usr/bin/ld and /usr/bin/as (The GNU linker and assembler). I noticed that the binutils package [1] does not include md5sums for the installed binaries.
Here's what I saw when I ran a quick verification of packages on my system:
$ sudo debsums -c
debsums: no md5sums for binutils
<*SNIP*>
$ ls -l /var/lib/
-rw-r--r-- 1 root root 3348 2010-09-01 19:10 /var/lib/
-rwxr-xr-x 1 root root 65 2010-08-20 07:39 /var/lib/
-rwxr-xr-x 1 root root 62 2010-08-20 07:39 /var/lib/
-rw-r--r-- 1 root root 168 2010-08-20 07:39 /var/lib/
Since ld and as are essential to compiling software on a system, should md5 sums be included with this package, so that admins can quickly verify the integrity of these binaries? If `ld` and `as` were corrupted, would that present a stability problem for the system? If these binaries were security compromised, could that cause a security problem for binariess which were compiled after the compromise?
Do md5 sums improve the stability and security of a system?
By comparison, RedHat/CentOS systems allow me to verify the installed RPMs using `rpm -V` [2], and it's frequently used to provide a quick verification of packages installed on a system. Is this a good idea in terms of security and stability, or is it misleading?
[1] http://
[2] http://
Question information
- Language:
- English Edit question
- Status:
- Answered
- For:
- Ubuntu binutils Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
Can you help with this problem?
Provide an answer of your own, or ask Stefan Lasiewski for more information if necessary.