jgcode Posted June 26, 2010 Report Share Posted June 26, 2010 I thought I would post this here rather than LAVA CR as it a technical request as opposed to a discussion on code. Now that we have the ability to upload multiple deliverables, would it be possible to allow text files to be uploaded too? The reason being I would like to include a text file with a checksum in it, for the package. I have included this in the zip file but I thought it may be handy if someone just wants the package version and the checksum, rather than download the zip? (I guess I can always just post it up) Thoughts? Cheers -JG Quote Link to comment
Yair Posted June 27, 2010 Report Share Posted June 27, 2010 Maybe it's just me, but I never really understood the point of these hashes - if someone has the permission to replace the file, wouldn't they also have the permission to replace the hash with one which matches the new file? Quote Link to comment
jgcode Posted June 27, 2010 Author Report Share Posted June 27, 2010 Maybe it's just me, but I never really understood the point of these hashes - if someone has the permission to replace the file, wouldn't they also have the permission to replace the hash with one which matches the new file? I guess you could be right, but it could be more the point of checking that your download is ok (from a transfer point of view rather than security)? Anyways, there might be other reasons for allowing text files besides my example, so I was curious to see what others think. Quote Link to comment
ShaunR Posted June 27, 2010 Report Share Posted June 27, 2010 I guess you could be right, but it could be more the point of checking that your download is ok (from a transfer point of view rather than security)? Anyways, there might be other reasons for allowing text files besides my example, so I was curious to see what others think. Zip files have a checksum built in. You get warnings/failures if the file is corrupt and you try to extract. Most text files are MD5 hashes which is more of a test of trust than corruption - to ensure the file downloaded IS ithe file you are expecting.. Quote Link to comment
jgcode Posted June 27, 2010 Author Report Share Posted June 27, 2010 Zip files have a checksum built in. You get warnings/failures if the file is corrupt and you try to extract. Yes, but I am not talking about the .zip file I am talking about the .ogp file - which is .zip but not extracted in the traditional sense. Quote Link to comment
Daklu Posted June 27, 2010 Report Share Posted June 27, 2010 Maybe it's just me, but I never really understood the point of these hashes - if someone has the permission to replace the file, wouldn't they also have the permission to replace the hash with one which matches the new file? Typically the hash is posted on the author's website. Somebody changing the source code can't change the hash on the website, so by checking the hash of the download against the hash shown on the website you can make sure the binary is identical. I'm not sure there's any value in including the hash as part of the download. I don't think I've ever had a download end up corrupted. Quote Link to comment
jgcode Posted June 27, 2010 Author Report Share Posted June 27, 2010 Ok as so most people don't care, I will drop it. Thanks all for posting. Quote Link to comment
Daklu Posted June 27, 2010 Report Share Posted June 27, 2010 Ok as so most people don't care, I will drop it. We're just trying to save you the extra work. Quote Link to comment
jgcode Posted June 28, 2010 Author Report Share Posted June 28, 2010 We're just trying to save you the extra work. Thanks, but due to the orangutan ancestor blood in me, its all been automated through a script Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.