corinthia-dev mailing list archives

From jan i <j...@apache.org>
Subject Use of SHA, MD5 checksums on a release
Date Thu, 20 Aug 2015 11:11:18 GMT
Hi.

I just saw Daniel recommended we add checksums to our release. I admit it
is very common but I fail to understand the purpose.

We add a checksum file showing e.g. MD5 for the zip, to make sure the zip
is not manipulated... BUT

If someone can change the content of the zip in the location, what is
stopping them from also generating a new MD5?

For a checksum to be effective (and likewise with the KEY) it needs to be
stored in a different, safer place, so an offender would have to break 2 places.

Please help me understand where my argument is wrong?

rgds
jan i.
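
Added example (not part of the original message or the project's code): a Python sketch of the scenario the message describes, comparing a checksum file stored next to the archive with a digest kept in a separate location. It uses SHA-256; the file name, contents and the `trusted` variable standing in for the separately stored digest are constructed for illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def publish(mirror, name, data):
    """Write the artifact plus a sidecar checksum file; return the digest."""
    digest = hashlib.sha256(data).hexdigest()
    (mirror / name).write_bytes(data)
    (mirror / (name + ".sha256")).write_text(f"{digest}  {name}\n")
    return digest


def verify(mirror, name, expected=None):
    """Check the artifact against `expected`, or the sidecar file if None."""
    if expected is None:
        expected = (mirror / (name + ".sha256")).read_text().split()[0]
    actual = hashlib.sha256((mirror / name).read_bytes()).hexdigest()
    return hmac.compare_digest(actual, expected)


def demo():
    """Return (sidecar_ok, separate_digest_ok) for three constructed cases."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        mirror = Path(tmp)
        name = "release-0.1.zip"  # constructed name, not a real release
        original = b"original release bytes"  # constructed content
        # Assumption: `trusted` models the digest stored in a second location.
        trusted = publish(mirror, name, original)
        results["intact"] = (verify(mirror, name), verify(mirror, name, trusted))

        # Copy damaged in transfer: the sidecar file is unchanged.
        (mirror / name).write_bytes(original[:-1])
        results["corrupted"] = (verify(mirror, name), verify(mirror, name, trusted))

        # Archive replaced by someone who can write to the same location
        # and therefore regenerates the sidecar as well.
        publish(mirror, name, b"modified release bytes")
        results["replaced"] = (verify(mirror, name), verify(mirror, name, trusted))
    return results


if __name__ == "__main__":
    for case, (sidecar_ok, separate_ok) in demo().items():
        print(f"{case:10} sidecar={sidecar_ok} separate={separate_ok}")
```

In the `replaced` case the sidecar check still passes while the separately stored digest fails; in the `corrupted` case both checks fail.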
