Re: kernel.bkbits.net off the air
From: Andrea Arcangeli
Date: Thu Nov 13 2003 - 11:42:04 EST
On Thu, Nov 13, 2003 at 08:29:45AM -0800, Larry McVoy wrote:
> If we had this approach we wouldn't have caught the torjan horse in the
> CVS tree. We checksum all the data, changed or not. Your approach
> pushes that duty onto the end users, and let's have a show of hands,
the suggestion of the md5sum wasn't related to keeping the data
secure/robust, we don't want to move the "robustness" duty onto the end
users of course, we only want to know when we can break the rsync loop.
The fact we'll do a further check possibly with a signature on the
md5sums, is a bonus, but it's not meant to replace in any way the
robusteness effort on the server side and we don't do it for robustness,
we do it only for providing a means of coherency to the changesets in
the tree.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/