Re: apt and multiple connections

To: "Thomas Bushnell, BSG" <tb@becket.net>
Cc: debian-devel@lists.debian.org
Subject: Re: apt and multiple connections
From: Seth Cohn <scohn@clipper.net>
Date: Sun, 24 Sep 2000 00:44:14 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.4.21.0009240019080.1509-100000@scohn.clipper.net>
In-reply-to: <[🔎] 87k8c2uv5j.fsf@becket.becket.net>

On 24 Sep 2000, Thomas Bushnell, BSG wrote:

> > Because when you get the file from a multiple places, you add the
> > requirement of checking the file for consistancy and errors.  A crc or
> > md5sum check is needed, both before the transfer (is it the _SAME_ file,
> > or just one the same size and date?) and after (did we put it back
> > together correctly?)
> 
> People should be doing this *anyway* as part of the signature checking
> that should be standard in Debian.

'Should' and 'is' are 2 different things.  Since the keyring isn't a
required package, neither is the signature checking.  You'd have to make
the keyring required as well as gpg... 

As it applies to the getting a file from multiple locations at once:
Even if you want to assume that a given filename with a given size and
date is the exact same file, you still have to verify at least the
signature on the end result file.  That would be a minimum...  
Functionally, that would be more useful than just a simple crc or md5sum.

add all of this to a already long to-do list for woody/beyond...

Reply to:

Follow-Ups:
- Re: apt and multiple connections
  - From: Greg Stark <gsstark@mit.edu>

References:
- Re: apt and multiple connections
  - From: tb@becket.net (Thomas Bushnell, BSG)

Prev by Date: Re: Debian in Yugoslavia
Next by Date: Re: severe deficiencies in our PAM setup
Previous by thread: Re: apt and multiple connections
Next by thread: Re: apt and multiple connections
Index(es):
- Date
- Thread