Re: Hashsum mismatch prevention strategies
- To: David Kalnischkies <kalnischkies+debian@gmail.com>
- Cc: deity@lists.debian.org
- Subject: Re: Hashsum mismatch prevention strategies
- From: Goswin von Brederlow <goswin-v-b@web.de>
- Date: Fri, 01 Jun 2012 10:07:36 +0200
- Message-id: <[🔎] 87fwafo3p3.fsf@frosties.localnet>
- In-reply-to: <CAAZ6_fAuRFfVCN-bLEJt1exV-5uuyYchmnMoAfDq0MSp5KyLYQ@mail.gmail.com> (David Kalnischkies's message of "Tue, 22 May 2012 13:38:34 +0200")
- References: <CAAZ6_fBOSg02os-MkAbn-qojggT2Bw7fC8t-zkMYBPB21JSOsg@mail.gmail.com> <87ipfrn9ok.fsf@gkar.ganneff.de> <87r4ufit9b.fsf@frosties.localnet> <20120520183006.GA30706@debian.org> <jpbg0l$lol$1@dough.gmane.org> <CAAZ6_fC-40KPT46=5SaQsCAk_F+Fi1ttTmqZQB1XzbBQ1y4PuA@mail.gmail.com> <jpcpiq$m0l$1@dough.gmane.org> <CAAZ6_fAuRFfVCN-bLEJt1exV-5uuyYchmnMoAfDq0MSp5KyLYQ@mail.gmail.com>
David Kalnischkies <kalnischkies+debian@gmail.com> writes:
> The alternative to tell the methods the expected values (hashes, size, ?)
> might be nicer. Especially http code could use the size (if known) to
> compare with Content-Length (if send by server) to know before the
> download is completed if the data we got belongs to the file we requested.
> (size mismatches very likely produce hashsum mismatches, too)
>
> [Noted both as an idea to test for the next abi break]
Yes please. That would allow writing a http method with fallback. For
example if the http method gets multiple IPs for a host then it could
try them all until it finds a server with the correct hash.
It would also allow implementing a method for a hash.d.o service I
suggested for fetching index files that are broken on a mirror without
having to teach apt how to encode the hash.
MfG
Goswin
Reply to: