LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-18-2008, 12:43 PM   #1
bapigoo9
Member
 
Registered: Aug 2008
Posts: 107

Rep: Reputation: 16
New distro and repo, why not use md5 and sig like Slackware


Without naming names, I thought that it would be good if all new distros and repositories for Linux software would require the use of md5 (or sha1) for all files and require signatures on those same files using a key. This is what Slackware does, and you can check that the signature is good and that the md5 matches so that it is less likely that the download was wrong or that you used a bad mirror site. Being able to check that the md5 is authentic is good and without a signature, a bad site can just post a bad md5.

With OSS it can be tedious to get every maintainer to post a signature and md5, but it should be required. Any thoughts?
 
Old 12-18-2008, 01:26 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,332
Blog Entries: 55

Rep: Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533Reputation: 3533
Not all new but all new and old. Anyway, this procedure wasn't "invented" or like that by Slackware nor has it not been evangelized for ages. Without naming names certain package management systems have been just way more versatile and mature in what they can accept or not for some time. But still it's good you mentioning GPG-signed releases. Point is if people want SW they'll just download and use it and not bother asking for a sig (a few exceptions there). So if distro mongers, developers and packagers don't get flooded with requests this won't change. And even then...
 
Old 12-29-2008, 01:57 PM   #3
bapigoo9
Member
 
Registered: Aug 2008
Posts: 107

Original Poster
Rep: Reputation: 16
Quote:
So if distro mongers, developers and packagers don't get flooded with requests this won't change. And even then...
Good point.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ptrace(PTRACE_CONT, sig) kills app even if sig is blocked ocstjf Linux - Kernel 0 04-21-2008 04:17 PM
MD5 and SIG oasisbhrnw Linux - Newbie 4 03-15-2007 10:53 PM
how to use syanptic in fc 5 and how to add repo and which repo to be added.. vikas04522 Fedora 1 08-26-2006 01:41 PM
how to use syanptic in fc 5 and how to add repo in it and which repo is to be added.. vikas04522 Linux - Software 1 08-26-2006 01:29 PM
How can I tell if my distro is using md5 or blowfish LinuxHawk Linux - Security 1 01-25-2005 10:41 PM


All times are GMT -5. The time now is 05:40 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration