On Fri, Jul 27, 2001 at 09:09:55PM +0200, Wichert Akkerman wrote:
> Previously Marcus Brinkmann wrote:
> > Can you elaborate on the advantage of letting everyone generate their own
> > checksums for the installed files? Seems to me a waste of cpu cycles.
>
> We process all the data in a pipe anyway so calculating the checksum
> takes no effort. Benefits are we don't need to store them on lots of mirrors
> (space saving), it's more configurable (specify which checksums you want),
> it's more flexible (easily add new checksums without changing the archive).
I think that the checksums should be in the package, and burned on CDs along
with the package, so you can verify them more easily. Creating them by an
untrusted system, and storing them on writable media (even temporarily) is a
process which is difficult to harden.

In contrast, if the md5sums are stored in the package on CD, verification is
easy: You just need to boot from the (trusted) CD, and kick off the comparison
with the CD content. It is easier to trust a list of checksums mirrored world
wide and verified by many users than to trust a list which is generated by the
system you want to verify.

The whole checksums should only take up a couple of megabytes, and any per-file
checksum which is cryptographically secure should do. I don't see the need for
a lot of flexibility here.

Thanks,
Marcus
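The comparison Marcus describes (a shipped per-file checksum list checked against the installed tree from a trusted environment) can be sketched in a few lines. The following is an added example, not code from the thread or from dpkg: it assumes a manifest in the `<hexdigest>  <relative path>` layout that `md5sum` and dpkg's per-package `.md5sums` files use, takes the hash algorithm as a parameter so the same code serves an md5 or sha256 list, rejects digests whose length does not fit the chosen algorithm, and reports each file as ok, mismatch or missing. The sample files and manifest in `demo()` are constructed inline.

```python
import hashlib
import tempfile
from pathlib import Path


def parse_manifest(text):
    """Parse '<hexdigest>  <relative path>' lines into {path: digest}.

    Blank lines and '#' comments are skipped; anything else malformed is an
    error, because a verifier that silently drops entries proves nothing.
    """
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        try:
            digest, path = line.split("  ", 1)
        except ValueError:
            raise ValueError(f"line {lineno}: expected '<digest>  <path>'")
        digest = digest.strip().lower()
        if not digest or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"line {lineno}: digest is not hexadecimal")
        entries[path] = digest
    return entries


def file_digest(path, algorithm):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_tree(root, manifest_text, algorithm="md5"):
    """Compare every manifest entry against the file under `root`.

    Returns {relative path: "ok" | "mismatch" | "missing"}.  The digest length
    is checked against the algorithm so an md5 list is never compared with
    sha256 output (or vice versa) and quietly reported as all mismatches.
    """
    expected_len = hashlib.new(algorithm).digest_size * 2
    expected = parse_manifest(manifest_text)
    report = {}
    for rel, digest in expected.items():
        if len(digest) != expected_len:
            raise ValueError(f"{rel}: digest length {len(digest)} does not fit {algorithm}")
        target = Path(root) / rel
        if not target.is_file():
            report[rel] = "missing"
        elif file_digest(target, algorithm) == digest:
            report[rel] = "ok"
        else:
            report[rel] = "mismatch"
    return report


def demo():
    """Build a constructed install tree, record its manifest, alter one file,
    drop another, and run the verification."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "ls").write_bytes(b"#!/bin/sh\necho ls\n")      # constructed sample
        (root / "etc" / "motd").write_bytes(b"welcome\n")               # constructed sample
        # Manifest as it would have been recorded at packaging time; the
        # README entry (all-zero digest) stands in for a file that never arrived.
        manifest = "\n".join(
            f"{file_digest(root / p, 'md5')}  {p}" for p in ("bin/ls", "etc/motd")
        ) + f"\n{'0' * 32}  usr/share/doc/README\n"
        # A change made after the manifest was recorded must show up as a mismatch.
        (root / "etc" / "motd").write_bytes(b"welcome (edited later)\n")
        return verify_tree(root, manifest)


if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{status:9} {path}")
```

Run from a trusted boot medium, `root` would be the mounted installed system and `manifest_text` the list read from the CD; the report then separates files that changed after installation from files the package list expects but the system lacks.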