[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Just an idea

On Thu, 1 May 2003, Leandro Costa wrote:

> Some months ago i was talking with a friend about OpenBSD packages,
> because i was preparing a script to update them and we realised that we 
> are not able to check if the copy we have on disk is the same that the 
> one on the server (i.e. there are no MD5/SHA1/RMD160 sums).

Check your local repository via rsync.
Many RSYNC mirrors are listed in http://www.openbsd.org/ftp.html#rsync
As rsync offers cheksum controls, you can even update your local copy

> Wouldn't it be cool to add a file under 
> ftp://ftp.openbsd.org/pub/OpenBSD/$RELEASE/packages/$ARCH, containing 
> the packages' MD5 sums at least? I think it'd be more secure if we can
> check those sums.

The pattern for OpenBSD package downloads[1] shows that, 90% of people 
just download 10 - 15 files a session. They do not download the whole packages
There must be something more efficient then stuffing all the hash values 
into *one* file.

That can be useful.


[1]: May 2002 - Apr 2003 ftp.linux.org.tr stats