<snip>
As for exploded tree verification, one general approach could be to provide a file with a list of file-md5 pairs that sits alongside the .discinfo file (perhaps named .filemd). This file would have a function similar to the repomd.xml file in the repodata folder, but presumably would be in plaintext format rather than xml (since it would be read by loader). This file could be used when the mediacheck flag is present to check md5 values for files in the distribution. We can imagine several issues with this approach, but will do some experimenting to see what we can come up with.
The biggest issue with this approach is filesystem metadata is not part of the checksums, so you can actually have a corrupt filesystem (perms and such) but have files that seem perfectly fine. This is what the embedded iso md5 provides, in that it checksums even the iso/filesystem metadata. That said, it would possible I am assuming to do something similar with other filesystems, but I can give no advice in regards to this. Furthermore if the tree in questions is only a subset of the files on the filesystem, then this would not be usefull either (i.e. the embedded checksum approach), whereas your file list would e the best that could be done. Which ultimately shows an advantage to some sorto of image based approach, but I can definately see cases where the tree approach is desirable. Cheers...james
