[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Original sources, or not

Hi, Manoj Srivastava wrote:

> On Thu, 18 Sep 2003 11:40:12 +0200, Matthias Urlichs
> <smurf@smurf.noris.de> said:
> 	Uhh, if you can't create the identical file, how can you get
>  one with the same md5sum?  Have you cracked md5sum? What am I
>  missing? 
(A) run md5sum across all files in an archive, sort that, and md5sum
the result.

(B) tar+gz an archive and md5sum that.

sum_A only counts the actual file contents and therefore is something an
integrity check may rely on; sum_B is affected by metadata (file
modification times, permissions, owners, etc.) and thus unlikely to be

Thus, if we ever decide to run an integrity check which covers the
original source archive(s), sum_A or something like it would make sense.

>> - a note in the copyright(?) file explaining what has been done
> 	We can recommend doing this one.

OK, I'll write up a proposal.

Matthias Urlichs   |   {M:U} IT Design @ m-u-it.de   |  smurf@smurf.noris.de
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
 - -
The exoteric, state-organised section of the Christian Church persecuted
and stamped out the esoteric section, destroying every trace of its
literature... in striving to eradicate... gnosis from human history.
		-- Dion Fortune, "The Mystical Qabalah"

Reply to: