Date: Wed, 14 Mar 2001 01:21:33 -0800
From: "David O'Brien"
To: Peter Pentchev
Cc: freebsd-arch@FreeBSD.ORG
Subject: Re: [PATCH] add a SITE MD5 command to ftpd
Message-ID: <20010314012132.A91957@dragon.nuxi.com>
In-Reply-To: <20010314084651.A23104@ringworld.oblivion.bg>

On Wed, Mar 14, 2001 at 08:46:51AM +0200, Peter Pentchev wrote:
> > > I know that adding a ``SITE MD5 filename'' command to our ftpd
> > > is a *very* little step in a possibly wrong direction (this will
..snip..
> This is NOT meant as a replacement for the local security check
> that is there for a very good reason.  It is only meant to
> provide some kind of an 'early warning' in those rare, but VERY
> annoying cases when the distributors reroll the dist tarballs
> without a version number bumping.  If the distributor wants to
> fool the FreeBSD Ports collection by using an ftpd that pretends
> to support this, yet does not, then we're absolutely no worse
> than we are now - the notification for changed checksums only
> comes when somebody tries to build the port and ends up sending
> a PR instead.

Perhaps you should fill in the details then.  First you say "SITE MD5
filename" will keep us from having to download a binary to check it.
Then that the check will not really be used for anything.  So _exactly_
how do you propose this feature to be used?  Only by the fenner script?
If so, I think we can provide sufficient bandwidth for that w/o this
"feature".

How will a site that pretends to have this capability yet does not; not
make things worse than today?  The only way for that to be the case is
for nothing/one to trust the result of "SITE MD5 filename" for *any*
purpose.  If that is the case, why have the "feature"?

-- 
-- David  (obrien@FreeBSD.org)
          GNU is Not Unix / Linux Is Not UniX