normal1.lists at gmail.com
Thu Jan 27 10:11:38 PST 2005
You want true security, DONT USE IT! *hides behind the fridge*
On Tue, 25 Jan 2005 16:58:06 -0500, Chuck Swiger <cswiger at mac.com> wrote:
> Hanspeter Roth wrote:
> > On Jan 25 at 14:48, Chuck Swiger spoke:
> >> You need to have an external source of information which specifies a
> >> checksum or MD5 hash to confirm that the file has not been tampered with.
> > That to say I should download CHECKSUM.MD5 from one of the public
> > FTP-servers by hand and do the MD5 checks myself, right?
> Yes indeed, or use the files in a context like the ports tree, which does this
> sort of checking for you.
> >> If you trust the Torrent tracker file, then BitTorrent has this part
> >> built-in. Otherwise, you would use something like the distinfo files in
> >> /usr/ports to help confirm the validity of files.
> > BitTorrent doesn't get some public checksums from some public
> > servers transparently, does it?
> Each file distributed by BitTorrent has a tracker and a seed .torrent which
> describes the checksums of the file (and it's parts), and manages the list of
> hosts offering the file.
> >> On the other hand, Torrent doesn't do any worse than FTP or HTTP.
> > The FTP-servers should be more or less official and should contain
> > more or less uncompromised data.
> A lot of people thought that about ftp.gnu.org, or ftp.sendmail.org, or other
> well-known FTP sources which have been compromised.
> > Hosts that offer BitTorrent probably are less official.
> True, but you are not relying on them to confirm the downloaded data is
> correct, you are relying on the seed host and it's .torrent file.
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions