From owner-freebsd-arch Wed Mar 14 18:56: 8 2001 Delivered-To: freebsd-arch@freebsd.org Received: from earth.backplane.com (earth-nat-cw.backplane.com [208.161.114.67]) by hub.freebsd.org (Postfix) with ESMTP id 7D39F37B718 for ; Wed, 14 Mar 2001 18:56:06 -0800 (PST) (envelope-from dillon@earth.backplane.com) Received: (from dillon@localhost) by earth.backplane.com (8.11.2/8.9.3) id f2F2u1b37896; Wed, 14 Mar 2001 18:56:01 -0800 (PST) (envelope-from dillon) Date: Wed, 14 Mar 2001 18:56:01 -0800 (PST) From: Matt Dillon Message-Id: <200103150256.f2F2u1b37896@earth.backplane.com> To: "David O'Brien" , Brooks Davis , freebsd-arch@FreeBSD.ORG Subject: Re: [PATCH] add a SITE MD5 command to ftpd References: <20010314084651.A23104@ringworld.oblivion.bg> <200103142342.QAA09233@usr08.primenet.com> <20010314161555.A4984@Odin.AC.HMC.Edu> <20010314185026.C7683@dragon.nuxi.com> Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Doesn't SITE MD5 introduce a race condition? What if someone does a SITE MD5 and someone else then renames or modifies the file before the first person proceeds to download it? Also, why bother doing an MD5 on the remote site if 99.9% of the time you are going to get a match and download the file anyway? You might as well download it first. Or perhaps simply check the size of the file for a match (e.g. enhance ports to include the file size to check against in addition to the MD5), then download it, then do the MD5 on the local box. I just don't see much point in adding a command to FTP that isn't going to be generally useful and has security holes in it to boot. -Matt To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message