Re: kernel.org tarball/patch signature files

From: Valdis . Kletnieks
Date: Mon Oct 24 2011 - 13:18:39 EST

Next message: Josh Stone: "[PATCH] x86: Fix compilation bug in kprobes' twobyte_is_boostable"
Previous message: Kyle Manna: "[PATCH v2 1/6] mfd: TPS65910: Handle non-existent devices"
Next in thread: Greg KH: "Re: kernel.org tarball/patch signature files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 23 Oct 2011 13:37:27 +0200, Greg KH said:
> If you are really worried about decompressor bugs, then run them in a
> virtual machine/chroot :)

Of more concern than bugs are errors during download. Yes, TCP has a checksum,
which is a CRC that quite frankly sucks when we're talking the amount of data
that kernel.org moves. So there's a non-zero chance you'll get bad data
downloaded. And you really want to do a more effective data check (MD5 or SHA
sum, or a PGP signature) *before* you decompress, in case the corrupted data
causes a spew of gigabytes of trash and fills your filesystem.

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Josh Stone: "[PATCH] x86: Fix compilation bug in kprobes' twobyte_is_boostable"
Previous message: Kyle Manna: "[PATCH v2 1/6] mfd: TPS65910: Handle non-existent devices"
Next in thread: Greg KH: "Re: kernel.org tarball/patch signature files"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]