Pádraig Brady wrote: > To summarize, the only caveat with my patch I think is that > it will give a false error for BSD format checksums > where the first entry has a file name starting with ' ' or '*'. > That should be exceedingly rare though, and is a lot better > than a false OK.
Oh. I misunderstood. We already accept one BSD variant: MD5 (f) = d41d8cd98f00b204e9800998ecf8427e so I guess it's hard to reject another. > Also in this case even without the patch, we're susceptible > to the 'trojan' case above. > > The workaround is easy as you suggest: > > sed 's/ / /' files.md5 | md5sum -c > > However that is not easily discoverable. > I'm 50:50, so I'll think a bit more. > Hmm I might just document in info that > the checksum utilities are compatible with > the BSD ones when processed like: > > md5 -r files... | sed 's/ / /' > files.md5 Whichever you prefer.
