12 Jan 2009, 10:29 p.m.
On Mon, Jan 12, 2009 at 4:20 PM, Aaron Schaefer <aaron@elasticdog.com> wrote:
> Is it that you don't see package verification as a possible security issue? Then why do we use hashes at all? Why not record the size of the file in bytes and put that in the PKGBUILD instead to check for incomplete downloads?
Have you never had a corrupted download? "Alright, 356K... wait, not a tar file? what the hell?" Checksums have been used to "check" transmission of data for ages. Hell, your router even does some form of checksumming on packets it sends and receives.
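The size-versus-hash comparison raised in this exchange, as an added example that is not part of the original thread: it runs a byte-count check and a hash check over three constructed downloads (intact, truncated, and same-length with one byte changed). The helper names, the file contents and the choice of SHA-256 are assumptions; the thread does not name a hash algorithm.

```shell
#!/usr/bin/env bash
# Constructed demo: compare a size-only check with a hash check on a download
# that was corrupted in transit without changing its length.

# Hypothetical helper: succeed if the file has exactly the expected byte count.
size_ok() {  # size_ok FILE EXPECTED_BYTES
    [ "$(wc -c < "$1" | tr -d ' ')" = "$2" ]
}

# Hypothetical helper: succeed if the file's SHA-256 matches the recorded one.
hash_ok() {  # hash_ok FILE EXPECTED_SHA256
    [ "$(sha256sum "$1" | cut -d' ' -f1)" = "$2" ]
}

# Report what a size-only check and a hash check each say about one file.
check_download() {  # check_download FILE EXPECTED_BYTES EXPECTED_SHA256
    local s=fail h=fail
    size_ok "$1" "$2" && s=pass
    hash_ok "$1" "$3" && h=pass
    echo "size=$s hash=$h"
}

# Build the constructed files and print one result line per case.
demo() {
    local dir good bytes sum
    dir=$(mktemp -d) || return 1
    good="$dir/pkg.tar"
    # Constructed "upstream" file: 4 KiB of a repeated byte.
    head -c 4096 /dev/zero | tr '\0' 'A' > "$good"
    bytes=$(wc -c < "$good" | tr -d ' ')
    sum=$(sha256sum "$good" | cut -d' ' -f1)

    cp "$good" "$dir/intact"                     # case 1: intact copy
    head -c 1000 "$good" > "$dir/truncated"      # case 2: incomplete download
    cp "$good" "$dir/flipped"                    # case 3: same length, one byte changed
    printf 'B' | dd of="$dir/flipped" bs=1 seek=2048 conv=notrunc 2>/dev/null

    echo "intact:    $(check_download "$dir/intact" "$bytes" "$sum")"
    echo "truncated: $(check_download "$dir/truncated" "$bytes" "$sum")"
    echo "flipped:   $(check_download "$dir/flipped" "$bytes" "$sum")"
    rm -rf "$dir"
}

demo
```

The recorded size catches the incomplete download, but only the hash catches the same-length corruption.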