Re: Pointless to use non-md5 for makepkg INTEGRITY_CHECK

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Mon, Jan 12, 2009 at 4:20 PM, Aaron Schaefer <aaron@xxxxxxxxxxxxxx> wrote:
> Is it that you don't see package verification as a possible security
> issue? Then why do we use hashes at all? Why not record the size of
> the file in bytes and put that in the PKGBUILD instead to check for
> incomplete downloads?

Have you never had a corrupted download? "Alright, 356K... wait, not a
tar file? what the hell?"

checksums have been used to "check" transmission of data for ages.
Hell, your router even does some form of checksumming on packets it
sends and receives.
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux