[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Just an idea



On Fri, 02 May 2003 00:33:36 +1000
Shane J Pearson <shanep@ign.com.au> wrote:

> Hi Leandro,
> 
> Leandro Chango wrote:
> 
> > md5 sums not only give you the security that the files contain what
> > they should,
> 
> Yeah, but how do you provide them authoritively?
> 
> > but also tell you if they didn't get corrupted in the  process of
> > downloading and storing them on disk.
> 
> I don't dispute checksum usage for integrity checks, but security in
> this context?...
> 
> > So... Why do the base comp misc man, etc tarballs have their sums in a
> > file ?
> 
> Integrity.
> 

Well, my suggestion could be applied to do integrity checks, and those sums could be in another server as well. I don't rely on some mirrors, i prefer to use the official servers though downloads are sometimes slower... So if some host starts to mirror packages, i can compare those sums on the official ftp server with the files i downloaded from that not trusted-by-me mirror.