Re: Just an idea

From: Leandro Chango (elchangohypernode.com.ar)
Date: Thu May 01 2003 - 09:19:19 CDT


On Fri, 02 May 2003 00:01:24 +1000
Shane J Pearson <shanepign.com.au> wrote:

> Jose Nazario wrote:
> > On Thu, 1 May 2003, Shane J Pearson wrote:
> >
> >>If they can modify the packages on the ftp site, they can modify the
> >>sums file too.
> >
> > but this is what's already an accepted risk for the base tarballs in the
> > system.
>
> Yes, but I don't see how providing a sums file on the ftp sites gives
> any security gains.
>
> Why would the sums file be any more authoritative than the files it
> references on the same server?
>

MD5 sums not only give you the security that the files contain what they should, but also tell you if they didn't get corrupted in the process of downloading and storing them on disk.

So... why do the base, comp, misc, man, etc. tarballs have their sums in a file?
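
The two points made in this thread, as an added example that is not part of the original post: a sums file fetched from the same server catches a damaged download, but it agrees with a tarball that was changed together with it. The BSD-style line format, the file names, the sample contents, the `pinned` digests obtained over a separate channel, and the use of SHA-256 in place of the thread's MD5 are all assumptions of this example.

```python
import hashlib
import re

# BSD-style checksum line, e.g. "SHA256 (base.tgz) = <hex>" (format assumed here)
LINE_RE = re.compile(r"^(\w+) \((.+)\) = ([0-9a-f]+)$")
ALLOWED = {"md5", "sha256"}

def parse_sums(text):
    """Return {filename: (algorithm, hexdigest)} parsed from a sums file."""
    sums = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            sums[m.group(2)] = (m.group(1).lower(), m.group(3))
    return sums

def verify(files, sums_text, pinned=None):
    """Check file contents against the sums file fetched from the same server
    and, if given, against digests obtained over a separate channel."""
    sums = parse_sums(sums_text)
    report = {}
    for name, data in files.items():
        algo, expected = sums.get(name, (None, None))
        if algo is None:
            report[name] = "no-entry"
        elif algo not in ALLOWED:
            report[name] = "unsupported-algorithm"
        elif hashlib.new(algo, data).hexdigest() != expected:
            report[name] = "mismatch-with-sums-file"  # e.g. damaged download
        elif pinned is not None and pinned.get(name) != expected:
            report[name] = "mismatch-with-pinned"  # sums file itself differs
        else:
            report[name] = "ok"
    return report

def make_sums(files):
    """Build a sums file for constructed sample data."""
    return "".join(f"SHA256 ({n}) = {hashlib.sha256(d).hexdigest()}\n"
                   for n, d in sorted(files.items()))

# Constructed sample data: stand-ins for the tarballs, not real sets.
ORIGINAL = {"base.tgz": b"base set contents", "man.tgz": b"manual pages"}
SUMS = make_sums(ORIGINAL)
PINNED = {n: hashlib.sha256(d).hexdigest() for n, d in ORIGINAL.items()}
# Case 1: bytes damaged in transit or on disk; the sums file is unchanged.
CORRUPTED = dict(ORIGINAL, **{"base.tgz": b"base set c0ntents"})
# Case 2: tarball and sums file were both changed on the server.
REPLACED = dict(ORIGINAL, **{"base.tgz": b"different contents"})
REPLACED_SUMS = make_sums(REPLACED)
```

`verify(CORRUPTED, SUMS)` flags the damaged tarball, `verify(REPLACED, REPLACED_SUMS)` reports everything as fine, and only passing `PINNED` as the third argument exposes the second case.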