Google Summer of Code: Mozilla Projects

Posted Sep 28, 2007 13:40 UTC (Fri) by swiftone (guest, #17420)
In reply to: Google Summer of Code: Mozilla Projects by xav
Parent article: Google Summer of Code: Mozilla Projects

I doubt sending the md5 alongside the file will make it really secure in case of trojaned file.

Correct. This would be of value when the source of the link is not the same as the source of the file.

LWN, for example, could post links to packages on ibiblio. On download, the files from one source (ibiblio) would be checked to match the hash from another (LWN).

At that point the system is as trusted as the source of the link, which can have errors, but may be more secure than the current system (where the hash is rarely verified).