Re: apt and multiple connections
On 24 Sep 2000, Thomas Bushnell, BSG wrote:
> > Because when you get the file from a multiple places, you add the
> > requirement of checking the file for consistancy and errors. A crc or
> > md5sum check is needed, both before the transfer (is it the _SAME_ file,
> > or just one the same size and date?) and after (did we put it back
> > together correctly?)
>
> People should be doing this *anyway* as part of the signature checking
> that should be standard in Debian.
'Should' and 'is' are 2 different things. Since the keyring isn't a
required package, neither is the signature checking. You'd have to make
the keyring required as well as gpg...
As it applies to the getting a file from multiple locations at once:
Even if you want to assume that a given filename with a given size and
date is the exact same file, you still have to verify at least the
signature on the end result file. That would be a minimum...
Functionally, that would be more useful than just a simple crc or md5sum.
add all of this to a already long to-do list for woody/beyond...
Reply to: