[RFC] Using md5sums to verify integrity of an archive
Christian Ehrlicher
Ch.Ehrlicher at gmx.de
Fri Apr 18 17:49:35 CEST 2008
Hi,
due to recent discussions I decided to discuss this in a separate thread
to get it done :)
We've three options to distribute md5sums
- create one big md5sum file for each release (kde 4.0.70, kde 4.0.71)
we do --> kde_4_0_70.md5sum
- create a md5sum for every package (dbus-mingw-123456,
dbus-msvc-123456, kdelibs-msvc-123456, ...) --> dbus-mingw-123456.md5sum
- create a md5sum for every file (dbus-mingw-12345-bin,
dbus-mingw-12345-lib, dbus-mingw-12345-doc, dbus-mingw-12345-src) -->
dbus-mingw-123456-bin.md5sum
I prefer the second one.
The installer/emerge would then first fetch the md5sum for the package
and then download the file. Later when the file needs to be fetched
again we look for the md5sum and check if the file is correct. And only
if this isn't the case we'll refetch it from the net.
I also read about signing the packages but have no idea how to do so.
Comments?
Christian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
Url : http://mail.kde.org/pipermail/kde-windows/attachments/20080418/1a5858c7/attachment.pgp
More information about the Kde-windows
mailing list