Date:      Wed, 9 Oct 2002 15:02:56 -0700
From:      Erick Mechler <emechler@techometer.net>
To:        Mike Hoskins <mike@adept.org>
Cc:        security@FreeBSD.ORG
Subject:   Re: md5 checksum server
Message-ID:  <20021009220256.GN10532@techometer.net>
In-Reply-To: <20021009144421.B88247-100000@fubar.adept.org>
References:  <20021009142623.Q88247-100000@fubar.adept.org> <20021009144421.B88247-100000@fubar.adept.org>

:: As an aside, what if someone worked up a standard/RFC detailing accepted
:: naming conventions for md5 sums.  If there was some standardization
:: (I.e. software.version.md5 in the same directory the distfile is retrieved
:: from, many follow similar conventions already), then FTP clients
:: (including things like wget) could be modified to automagically compare
:: md5 sums on download when they exist.

Unless I'm misunderstanding what you're proposing, this still doesn't
prevent someone from modifying both the tarball and the MD5 file.  PGP
signatures are an even better method, and harder to spoof.
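
Added example, not part of the original message: a small Python model of the point above, comparing a checksum file fetched from the same directory as the distfile with a digest held outside that directory. The mirror dictionary, file name, file contents and function names are all constructed for illustration; the pinned digest stands in for any trust anchor kept off the download server, which is the role the signer's public key plays with PGP.

```python
import hashlib
import hmac

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def publish(mirror: dict, name: str, data: bytes) -> None:
    # Proposed convention: the checksum file sits beside the distfile.
    mirror[name] = data
    mirror[name + ".md5"] = md5_hex(data).encode()

def verify_sidecar(mirror: dict, name: str) -> bool:
    # What a modified FTP client or wget would check automatically.
    expected = mirror[name + ".md5"].decode().strip()
    return hmac.compare_digest(md5_hex(mirror[name]), expected)

def verify_pinned(mirror: dict, name: str, trusted_digest: str) -> bool:
    # Digest obtained over a separate channel the server cannot rewrite.
    return hmac.compare_digest(md5_hex(mirror[name]), trusted_digest)

def check(mirror: dict, name: str, trusted_digest: str) -> tuple:
    return (verify_sidecar(mirror, name), verify_pinned(mirror, name, trusted_digest))

def demo() -> dict:
    name = "software-1.0.tar.gz"                # constructed file name
    original = b"constructed release contents"  # constructed sample data
    mirror = {}
    publish(mirror, name, original)
    trusted = md5_hex(original)  # recorded by the user out of band
    results = {"clean": check(mirror, name, trusted)}

    # Accidental corruption: only the distfile changes.
    mirror[name] = original + b"\x00"
    results["corrupted"] = check(mirror, name, trusted)

    # Both the distfile and its .md5 are replaced together.
    publish(mirror, name, b"constructed replaced contents")
    results["both_replaced"] = check(mirror, name, trusted)
    return results

if __name__ == "__main__":
    for case, (sidecar_ok, pinned_ok) in demo().items():
        print(f"{case:14} sidecar={sidecar_ok} pinned={pinned_ok}")
```

The sidecar check catches the corrupted transfer but accepts the case where both files were replaced; only the check against the out-of-band value rejects it.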
