[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: md5sums files

* Anthony Towns <aj@erisian.com.au> [100307 07:42]:
> "Big"? It only makes a difference if:
> [...]
>   c) the system memory is corrupted just enough to screw the file but
> not everything else

For many machines installing packages is the biggest thing they ever do.
So with a very low error rate, that perhaps causes a iceweasel crash once
a month, it is likely that something like this actually happened.

> If you're still worried, perhaps about having read() return bogus data
> from the .deb that happens to still be valid when passed through
> ungzip and untar and after you've already verified the entire file by
> md5/sha1/sha256 when downloading,

And there still is the problem of the actual .deb being corrupted
somewhere. It's not like there never were packages that got corrupted
when generating the .deb and neither dak nor any apt nor dpkg
gave any warnings, even though the gz crc was wrong.

	Bernhard R. Link

Reply to: