Google Summer of Code: Mozilla Projects
Posted Sep 28, 2007 13:40 UTC (Fri) by swiftone
In reply to: Google Summer of Code: Mozilla Projects
Parent article: Google Summer of Code: Mozilla Projects
I doubt sending the md5 alongside the file will make it really secure in
case of trojaned file.
Correct. This would be of value when the source of the link is not the same as the source of the file.
LWN, for example, could post links to packages on ibiblio. On download, the files from one source (ibiblio) would be checked to match the hash from another (LWN).
At that point the system is as trusted as the source of the link, which can have errors, but may be more secure than the current system (where the hash is rarely verified).
to post comments)