Bug#402911: no control on md5sum when accessing to pdo dowload url

To: 402911@bugs.debian.org
Subject: Bug#402911: no control on md5sum when accessing to pdo dowload url
From: François <luna@bzh.net>
Date: Fri, 30 Mar 2007 17:58:41 +0200
Message-id: <[🔎] 20070330155841.GE2559@universal.soleil>
Reply-to: François <luna@bzh.net>, 402911@bugs.debian.org

It seems that there is now a bit of control : the md5sum indicated in
the URL must be well-formed (good length and only hexadecimal digits).

But the problem remains that no control on the md5sum itself is done. 
You can direct someone on this page with any (well-formed) invalid
md5sum. e.g.
<http://packages.debian.org/cgi-bin/download.pl?arch=i386&file=pool%2Fmain%2Fd%2Fdietlibc%2Fdietlibc_0.30-4_i386.deb&md5sum=8b4192d23b18e2b6aa9204fc0ba65ead&arch=i386&type=main>
<http://packages.debian.org/cgi-bin/download.pl?arch=i386&file=pool%2Fmain%2Fd%2Fdietlibc%2Fdietlibc_0.30-4_i386.deb&md5sum=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&arch=i386&type=main>
et caetera.

Reply to:

Prev by Date: Re: I need a mentor for SoC
Next by Date: canceling of my email adress
Previous by thread: Re: Debian Documentation pages - Broken Link
Next by thread: canceling of my email adress
Index(es):
- Date
- Thread