Então, aqui está uma rápida compilação para responder a todas as suas perguntas:
MD5 Sums are 32 byte character strings that are the result of running the md5sum program against a particular file. Since it is very hard to find two different files that results in same strings, MD5's can be used to determine that the file or iso you downloaded is a bit-for-bit copy of the remote file or iso.
-
Você pode usar debsum .
-
dpkg
ouapt-get
não verifique omd5sum
antes de instalar um pacote como você já descobriu. Os arquivos que você está falando são usados para verificar se os pacotes foram alterados após a instalação. Veja abaixo:
5.2.3. Checksums, List of Configuration Files
...the control.tar.gz archive of a Debian package may contain other interesting files. The first, md5sums, contains the MD5 checksums for all of the package's files. Its main advantage is that it allows dpkg --verify (which we will study in Section 14.3.3.1, “Auditing Packages with dpkg --verify”) to check if these files have been modified since their installation. Note that when this file doesn't exist, dpkg will generate it dynamically at installation time (and store it in the dpkg database just like other control files).