#237: tests to verify that torrents and mirrors contain signed checksum files
-----------------------+---------------------
Reporter: robatino | Owner:
Type: task | Status: closed
Priority: major | Milestone:
Component: Wiki | Version:
Resolution: invalid | Keywords:
Blocking: | Blocked By:
-----------------------+---------------------
Comment (by robatino):
Replying to [comment:8 ausil]:
> .torrent files are available before GA the always have been. they can be
used to check that the CHECKSUM is signed. Do note that we do make the
torrents as one of the last things we do in a release.
This is correct as far as it goes, the problem is that every one of the
times I pointed out that the .torrent file was unsigned, I was told that
it was impossible to change it, since people were already downloading. So
in other words, yes, it can be checked, but since it first appears in a
public location, if there's a mistake, there's nothing that can be done
about it, which makes the check useless.
Now personally, I don't understand why the .torrent can't be changed after
people start downloading. The worst thing I can see happening is that
peers would be split between two different torrents, and seeders could
temporarily seed both, using a hard link for the ISO to avoid wasting
space, until the people on the obsolete torrent were finished. (Or just
post a message telling people to load the new .torrent file in their
client.) If the .torrent file can in fact be changed, then there is no
great need to make sure the .torrent file is perfect the first time it's
posted publicly. But everyone so far has been unanimous in telling me no,
we can't do that, even when i pointed out the problem within hours.
--
Ticket URL: <https://fedorahosted.org/fedora-qa/ticket/237#comment:9>
Fedora QA <http://fedorahosted.org/fedora-qa>
Fedora Quality Assurance
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
