Subject: Re: sup hell
To: Simon J. Gerraty <firstname.lastname@example.org>
From: Perry E. Metzger <email@example.com>
Date: 11/02/1995 11:51:08
"Simon J. Gerraty" writes:
> Since most sup server sites seem to use supscan, would it be feasible
> to have supscan produce an MD5 checksum list, which is returned to the
> client and used in retreival decsions.
I would almost prefer MD5 (or SHA!), since they are far more resistant
to accidental collisions than the TCP checksum, which isn't very
good. Also, given an MD5 list of all the files in the release, the
source master could conceivably produce a PGP signature over the MD5
or SHA checksums, thus proving that the archive had not been tampered
Actually, I would very much like to see the core team PGP sign the
sources and binaries to the next release...