Re: Just an idea
On Fri, 02 May 2003 00:33:36 +1000
Shane J Pearson <shanep@ign.com.au> wrote:
> Hi Leandro,
>
> Leandro Chango wrote:
>
> > md5 sums not only give you the security that the files contain what
> > they should,
>
> Yeah, but how do you provide them authoritatively?
>
> > but also tell you if they didn't get corrupted in the process of
> > downloading and storing them on disk.
>
> I don't dispute checksum usage for integrity checks, but security in
> this context?...
>
> > So... Why do the base comp misc man, etc tarballs have their sums in a
> > file ?
>
> Integrity.
>
Well, my suggestion could be applied to do integrity checks, and those sums could be on another server as well. I don't rely on some mirrors; I prefer to use the official servers, though downloads are sometimes slower... So if some host starts to mirror packages, I can compare those sums on the official ftp server with the files I downloaded from that not-trusted-by-me mirror.
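
The comparison described in the reply above, sketched as an added example that is not part of the original message: a checksum list obtained from the official server is checked against files downloaded from a mirror. The BSD-style `MD5 (name) = digest` line format, the function names and the sample file names are assumptions; the sample data is constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed BSD-style line: "MD5 (base.tgz) = <32 hex digits>"; no path separators in names.
SUM_LINE = re.compile(r"^MD5 \((?P<name>[^)/]+)\) = (?P<digest>[0-9a-f]{32})$")

def parse_sums(text):
    """Map file name -> expected digest from the official checksum list."""
    matches = (SUM_LINE.match(line.strip()) for line in text.splitlines())
    return {m["name"]: m["digest"] for m in matches if m}

def md5_of(path, chunk=1 << 16):
    """Hash in chunks so large tarballs are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_mirror_dir(official_sums_text, mirror_dir):
    """Return {name: status} for every file that is listed or was downloaded."""
    expected = parse_sums(official_sums_text)
    result = {}
    for name, digest in expected.items():
        path = Path(mirror_dir) / name
        if not path.is_file():
            result[name] = "missing"
        else:
            result[name] = "ok" if md5_of(path) == digest else "MISMATCH"
    for path in Path(mirror_dir).iterdir():
        if path.is_file() and path.name not in expected:
            result[path.name] = "unlisted"  # mirror served something the list does not cover
    return result

def demo():
    """Constructed sample: stand-in tarballs, one of them altered on the mirror."""
    with tempfile.TemporaryDirectory() as d:
        good, bad = b"base set contents", b"comp set contents"
        sets = [("base.tgz", good), ("comp.tgz", bad), ("man.tgz", b"x")]
        official = "\n".join(f"MD5 ({n}) = {hashlib.md5(c).hexdigest()}" for n, c in sets)
        Path(d, "base.tgz").write_bytes(good)
        Path(d, "comp.tgz").write_bytes(bad + b"!")  # differs from the official copy
        Path(d, "extra.tgz").write_bytes(b"not in list")
        return verify_mirror_dir(official, d)

if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(f"{status:9} {name}")
```

The result is only as trustworthy as the channel the checksum list itself came over, which is the question raised in the quoted text.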