Re: Just an idea

From: Leandro Costa (ldcostatutopia.com)
Date: Thu May 01 2003 - 09:49:19 CDT


On Fri, 02 May 2003 00:33:36 +1000
Shane J Pearson <shanepign.com.au> wrote:

> Hi Leandro,
>
> Leandro Chango wrote:
>
> > md5 sums not only give you the security that the files contain what
> > they should,
>
> Yeah, but how do you provide them authoritatively?
>
> > but also tell you if they didn't get corrupted in the process of
> > downloading and storing them on disk.
>
> I don't dispute checksum usage for integrity checks, but security in
> this context?...
>
> > So... Why do the base comp misc man, etc tarballs have their sums in a
> > file ?
>
> Integrity.
>

Well, my suggestion could be applied to do integrity checks, and those sums could be on another server as well. I don't rely on some mirrors; I prefer to use the official servers, though downloads are sometimes slower... So if some host starts to mirror packages, I can compare those sums on the official ftp server with the files I downloaded from that not trusted-by-me mirror.
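
The comparison described in the message above, as an added example that is not part of the original thread: it checks files fetched from an untrusted mirror against a checksum list obtained separately from the official server. The BSD-style list format, the file names and the helper names are assumptions, and the sample data is constructed.

```python
import hashlib, hmac, re, tempfile
from pathlib import Path

# Assumed list format (BSD style): "MD5 (base.tgz) = <hex digest>".
# Names containing path separators are refused so a list cannot point outside the directory.
LINE_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) \(([^/\\]+)\) = ([0-9a-fA-F]+)$")

def parse_checksums(text):
    """Map file name -> (algorithm, digest) from the trusted server's list."""
    found = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return {m[2]: (m[1].lower(), m[3].lower()) for m in found if m}

def file_digest(path, algo):
    """Hash a file in chunks so large tarballs are not read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_downloads(trusted_list, download_dir):
    """Classify mirror downloads as ok / mismatch / missing / unlisted."""
    entries, root, report = parse_checksums(trusted_list), Path(download_dir), {}
    for name, (algo, expected) in entries.items():
        path = root / name
        if not path.is_file():
            report[name] = "missing"
        elif hmac.compare_digest(file_digest(path, algo), expected):
            report[name] = "ok"
        else:
            report[name] = "mismatch"
    for path in root.iterdir():
        # A file the official list never mentions cannot be vouched for.
        if path.is_file() and path.name not in entries:
            report[path.name] = "unlisted"
    return report

def demo():
    """Constructed data: three official tarballs, a mirror that altered one."""
    official = {"base.tgz": b"base set", "comp.tgz": b"compiler set", "misc.tgz": b"misc set"}
    trusted_list = "\n".join(
        f"MD5 ({n}) = {hashlib.md5(c).hexdigest()}" for n, c in official.items())
    with tempfile.TemporaryDirectory() as d:
        Path(d, "base.tgz").write_bytes(official["base.tgz"])
        Path(d, "comp.tgz").write_bytes(b"compiler set, altered in transit")
        Path(d, "extra.tgz").write_bytes(b"not in the official list")
        return verify_downloads(trusted_list, d)

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

The result is only as trustworthy as the channel the list itself arrived over, which is the question raised earlier in the thread.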