begin quoting Lan Barnes as of Sat, Jul 19, 2008 at 10:13:57AM -0700: > > On Fri, July 18, 2008 8:44 pm, James G. Sack (jim) wrote: > > > > In any case, I can think of something else to observe: embedded labels > > can not really be used to verify files -- you need a real hash > > authentication mechanism to do that, eh? But that wasn't the question > > here, I don't think ..so.. nevermind. :-) > > > > No, they work, Jim, thanks to strings
He said *verify*, not *identify*. Verification is a far more difficult task. Embedding labels into object files gives you a better chance of finding out exactly what source went into a particular build, which is helpful for debugging. But if you try to reason on that information _in_ the program, well, binary editors aren't hard to come by (or you can install emacs) and that information can easily lie. It's really annoying when a program tried to check the version of some support code; what's even more annoying is when the developer figures out some clever way to check ... but failed to actually test to see if it makes a difference. -- Mostly we see this with shared libraries. Stewart Stremler -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
