| Summary: | Validate MD5s against authoritative source (e.g. .md5.asc) | ||
|---|---|---|---|
| Product: | [Applications] k3b | Reporter: | Brad Hards <bradh> |
| Component: | Verfication | Assignee: | k3b developers <k3b> |
| Status: | CONFIRMED --- | ||
| Severity: | wishlist | CC: | diazluis, mail |
| Priority: | NOR | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Compiled Sources | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed In: | ||
| Sentry Crash Report: | |||
|
Description
Brad Hards
2005-01-29 06:21:11 UTC
I disagree with the use of knewstuff, because it will create a lot of work to keep track even of all the images in one central place since we then need to be sure that the md5 sums there are valid. Furthermore, this is generally not what is done for ensuring that images are what they claim to be. There is however a lot of merit in the idea of an authoritative source. The way this is done is by providing the image a .md5 and a .md5.asc file. The best way of not unloading work on a knewstuff maintainer is to do two things: 1) use the external .md5 file 2) integrate gpg/kgpg in order to verify the .md5 file *** Bug 126441 has been marked as a duplicate of this bug. *** Just an idea: It would yet be great check if MD5SUMS exists in the directory where the .iso is, and check against this. a patch someone? ;) |