On Jan 25 at 14:48, Chuck Swiger spoke:You need to have an external source of information which specifies a checksum or MD5 hash to confirm that the file has not been tampered with.
That to say I should download CHECKSUM.MD5 from one of the public FTP-servers by hand and do the MD5 checks myself, right?
Yes indeed, or use the files in a context like the ports tree, which does this sort of checking for you.
If you trust the Torrent tracker file, then BitTorrent has this part built-in. Otherwise, you would use something like the distinfo files in /usr/ports to help confirm the validity of files.
BitTorrent doesn't get some public checksums from some public servers transparently, does it?
Each file distributed by BitTorrent has a tracker and a seed .torrent which describes the checksums of the file (and it's parts), and manages the list of hosts offering the file.
On the other hand, Torrent doesn't do any worse than FTP or HTTP.The FTP-servers should be more or less official and should contain
more or less uncompromised data.
A lot of people thought that about ftp.gnu.org, or ftp.sendmail.org, or other well-known FTP sources which have been compromised.
Hosts that offer BitTorrent probably are less official.
True, but you are not relying on them to confirm the downloaded data is correct, you are relying on the seed host and it's .torrent file.
-- -Chuck
_______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
