From owner-freebsd-questions@FreeBSD.ORG Thu Jan 27 18:11:38 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8015C16A4CF for ; Thu, 27 Jan 2005 18:11:38 +0000 (GMT) Received: from wproxy.gmail.com (wproxy.gmail.com [64.233.184.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id 98E1543D5C for ; Thu, 27 Jan 2005 18:11:37 +0000 (GMT) (envelope-from normal1.lists@gmail.com) Received: by wproxy.gmail.com with SMTP id 58so313071wri for ; Thu, 27 Jan 2005 10:11:28 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=lX7JmuWF8J1rbavxZeMb+XmXGHOlzzRZRnMAyxDf1tyBGZHdLeApr7hnM0h58juRPDQ6i9hWShoTiTdHzFn+vSTTBeKTFA5WT85Z/8pepoo9RBPCEv8JX9nZ9Dro1Jr9bQDmcu834rfcQH56p/9csrm/h3rtjH7244K/1tbLqUs= Received: by 10.54.46.50 with SMTP id t50mr154966wrt; Thu, 27 Jan 2005 10:11:27 -0800 (PST) Received: by 10.54.2.67 with HTTP; Thu, 27 Jan 2005 10:11:27 -0800 (PST) Message-ID: Date: Thu, 27 Jan 2005 10:11:27 -0800 From: gabriel To: Chuck Swiger In-Reply-To: <41F6C0EE.1070801@mac.com> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit References: <20050125192253.GA3088@gicco.homeip.net> <41F6A281.8030601@mac.com> <20050125205819.GA3574@gicco.homeip.net> <41F6C0EE.1070801@mac.com> cc: freebsd-questions@freebsd.org Subject: Re: Bittorrent secure? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: gabriel List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 Jan 2005 18:11:38 -0000 You want true security, DONT USE IT! *hides behind the fridge* On Tue, 25 Jan 2005 16:58:06 -0500, Chuck Swiger wrote: > Hanspeter Roth wrote: > > On Jan 25 at 14:48, Chuck Swiger spoke: > >> You need to have an external source of information which specifies a > >> checksum or MD5 hash to confirm that the file has not been tampered with. > > > > That to say I should download CHECKSUM.MD5 from one of the public > > FTP-servers by hand and do the MD5 checks myself, right? > > Yes indeed, or use the files in a context like the ports tree, which does this > sort of checking for you. > > >> If you trust the Torrent tracker file, then BitTorrent has this part > >> built-in. Otherwise, you would use something like the distinfo files in > >> /usr/ports to help confirm the validity of files. > > > > BitTorrent doesn't get some public checksums from some public > > servers transparently, does it? > > Each file distributed by BitTorrent has a tracker and a seed .torrent which > describes the checksums of the file (and it's parts), and manages the list of > hosts offering the file. > > >> On the other hand, Torrent doesn't do any worse than FTP or HTTP. > > > > The FTP-servers should be more or less official and should contain > > more or less uncompromised data. > > A lot of people thought that about ftp.gnu.org, or ftp.sendmail.org, or other > well-known FTP sources which have been compromised. > > > Hosts that offer BitTorrent probably are less official. > > True, but you are not relying on them to confirm the downloaded data is > correct, you are relying on the seed host and it's .torrent file. > > -- > -Chuck > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > -- gabriel, Member of: FreeBSD-Announce FreeBSD-Hardware FreeBSD-Multimedia FreeBSD-questions