On Mon, Aug 05, 2002 at 07:27:09PM +0200, Jonas Anden wrote:
> Should the published MD5 sum of a file I have mirrored be different on
> *ANY* of the other mirrors (or the primary site) be different from the
> calculated MD5 sum of my file, all sorts of bells and whistles should go
> off. Something is wrong; either my copy or their copy is bad. Either
> way, something needs to be done about it.

Indeed, but IMHO the same scheme will also either scream at updates or if
you trust updates, limit protection to only existing files. This is little
different from the tripwire concept and suffers the same the fallacies.

I am thinking along the line where distributions are checked against
checksums signed by some authority (in this case, the developer).

        Just me,
        Wire ...

--
Tan Wee Yeh     wytanpobox.com     http://www.pobox.com/~wytan
For PGP public key : http://www.pobox.com/~wytan/pgp
PGP fingerprint = CB 11 61 BE 4E EF FB 84  71 15 CF 22 46 FD 4C B3

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]