Re: kernel.org tarball/patch signature files

From: Valdis . Kletnieks
Date: Mon Oct 24 2011 - 13:18:39 EST


On Sun, 23 Oct 2011 13:37:27 +0200, Greg KH said:
> If you are really worried about decompressor bugs, then run them in a
> virtual machine/chroot :)

Of more concern than bugs are errors during download. Yes, TCP has a checksum,
which is a CRC that quite frankly sucks when we're talking the amount of data
that kernel.org moves. So there's a non-zero chance you'll get bad data
downloaded. And you really want to do a more effective data check (MD5 or SHA
sum, or a PGP signature) *before* you decompress, in case the corrupted data
causes a spew of gigabytes of trash and fills your filesystem.

Attachment: pgp00000.pgp
Description: PGP signature