From owner-freebsd-security Sun Feb 23 10:18:50 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BE76537B405 for ; Sun, 23 Feb 2003 10:18:48 -0800 (PST) Received: from fep3.cogeco.net (smtp.cogeco.net [216.221.81.25]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6264343FA3 for ; Sun, 23 Feb 2003 10:18:47 -0800 (PST) (envelope-from dlavigne6@cogeco.ca) Received: from dhcp-17-14.kico2.on.cogeco.ca (d226-42-146.home.cgocable.net [24.226.42.146]) by fep3.cogeco.net (Postfix) with ESMTP id 626B02B1F for ; Sun, 23 Feb 2003 13:18:45 -0500 (EST) Date: Sun, 23 Feb 2003 13:22:41 -0500 (EST) From: Dru X-X-Sender: dlavigne6@dhcp-17-14.kico2.on.cogeco.ca To: security@freebsd.org Subject: md5 checksum on ports.tar.gz Message-ID: <20030223131402.A71353@dhcp-17-14.kico2.on.cogeco.ca> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I admit it's been a while since I downloaded ports.tar.gz as I usually build from trusted media. I was demonstrating to a student the other day how to verify an MD5 checksum on a downloaded file and went to use ports.tar.gz as an example and was dismayed when I couldn't find the checksum. Is it just well hidden or is there a reason why this file does not have one? I realize that this file changes often, but isn't it worth calculating a checksum on? Especially after the high profile cases we saw last year of open source ftp sites getting trojaned? Dru To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message