Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 14 Mar 2001 01:21:33 -0800
From:      "David O'Brien" <TrimYourCc@NUXI.com>
To:        Peter Pentchev <roam@orbitel.bg>
Cc:        freebsd-arch@FreeBSD.ORG
Subject:   Re: [PATCH] add a SITE MD5 command to ftpd
Message-ID:  <20010314012132.A91957@dragon.nuxi.com>
In-Reply-To: <20010314084651.A23104@ringworld.oblivion.bg>; from roam@orbitel.bg on Wed, Mar 14, 2001 at 08:46:51AM %2B0200
References:  <20010313211544.B17733@ringworld.oblivion.bg> <200103140459.VAA03061@usr05.primenet.com> <20010314084651.A23104@ringworld.oblivion.bg>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Wed, Mar 14, 2001 at 08:46:51AM +0200, Peter Pentchev wrote:
> > > I know that adding a ``SITE MD5 filename'' command to our ftpd
> > > is a *very* little step in a possibly wrong direction (this will
..snip..
> This is NOT meant as a replacement for the local security check
> that is there for a very good reason.  It is only meant to
> provide some kind of an 'early warning' in those rare, but VERY
> annoying cases when the distributors reroll the dist tarballs
> without a version number bumping.  If the distributor wants to
> fool the FreeBSD Ports collection by using an ftpd that pretends
> to support this, yet does not, then we're absolutely no worse
> than we are now - the notification for changed checksums only
> comes when somebody tries to build the port and ends up sending
> a PR instead.

Perhaps you should fill in the details then.  First you say
"SITE MD5 filename" will keep us from having to download a binary to
check it.  Then that the check will not really be used for anything.
So _exactly_ how do you propose this feature to be used?  Only by the
fenner script?  If so, I think we can provide suffient bandwidth for that
w/o this "feature".

How will a site that pretends to have this capability yet does not; not
make things worse than today?  The only way for that to be the case is
for nothing/one to trust the result of "SITE MD5 filename" for *any*
purpose.  If that is the case, why have the "feature"?

-- 
-- David  (obrien@FreeBSD.org)
          GNU is Not Unix / Linux Is Not UniX

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010314012132.A91957>