Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Tan Wee Yeh (tanwy_at_comp.nus.edu.sg)
Date: Mon Aug 05 2002 - 19:43:03 CDT
On Mon, Aug 05, 2002 at 07:27:09PM +0200, Jonas Anden wrote:
> Should the published MD5 sum of a file I have mirrored be different on
> *ANY* of the other mirrors (or the primary site) be different from the
> calculated MD5 sum of my file, all sorts of bells and whistles should go
> off. Something is wrong; either my copy or their copy is bad. Either
> way, something needs to be done about it.
Indeed, but IMHO the same scheme will also either scream at updates or if
you trust updates, limit protection to only existing files. This is little
different from the tripwire concept and suffers the same the fallacies.
I am thinking along the line where distributions are checked against
checksums signed by some authority (in this case, the developer).
-- Tan Wee Yeh wytanpobox.com http://www.pobox.com/~wytan For PGP public key : http://www.pobox.com/~wytan/pgp PGP fingerprint = CB 11 61 BE 4E EF FB 84 71 15 CF 22 46 FD 4C B3