delorie.com/archives/browse.cgi | search |
X-Authentication-Warning: | delorie.com: mail set sender to geda-user-bounces using -f |
X-Recipient: | geda-user AT delorie DOT com |
X-Original-DKIM-Signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= |
content-transfer-encoding:content-type:date:from:in-reply-to | |
:message-id:mime-version:references:reply-to:subject:to | |
:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=3x6lCiUKyqWtq36fA | |
V5pZ4KfAmfMse7MMu/ybHdg1bE=; b=DcicVj+Z3zNxELEcdRufduBFgyO6Scv6e | |
96z/o/9rj2kOU3QXZzKOZRtwl2INVNEgc8ik95gXcX22fIwzfIWpyx3iGhXgbK/u | |
X3LK52Oh0cRmypGrEdTsLQEigo4/a3p+rn0z4kb3V/ynQ39baVlKcz7R++O56qHC | |
HpTsdMCh4pAUKblp8uoxYFpe1PNao0aTnNbfVQuaIVeY3H1rYbD5eqzpt0AGBe/y | |
1OWi/VzSBCYi/EwGD3xbo/riYIc8Zy7W0z7VYeM9tXlgEguI4mR3ugTLOiPfj51d | |
JCDbRmDQwLCg73eqt4+UZ+tGwFRHy6SkUGrrQb0TagDQtxGUvLTeA== | |
X-Original-DKIM-Signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d= |
messagingengine.com; h=content-transfer-encoding:content-type | |
:date:from:in-reply-to:message-id:mime-version:references | |
:reply-to:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; | |
bh=3x6lCiUKyqWtq36fAV5pZ4KfAmfMse7MMu/ybHdg1bE=; b=hHFmB5/MNxAM | |
YLUdekmrrWwqYpoLBVz6P8ryrVoXQvyD31DQHQSaMB5/QUTAonFuUHyI/MBGUMMv | |
OMYnaXxngyJILYgiNs7FRXTzU44i0H91+e/TIQPKr7dFD7guGp3YTURfPFDIlncE | |
aTSdRVSyiSarlzvmLJXV+3h8N8gkKQn87DhaX20YUysX+xvYc4y6vREp1kplb0ii | |
yAkMclzr3eySy3Q20RzyJtse+kBs0Hlx65vrZWmjAer7wO9/d6kc2qZ0OkSbIbTo | |
DLdSO2NsHlM82DKXV1+KTiHIFRHDbxEGRyKdtWOlpTLinRNZ69hQ4Prqk921KDej | |
snMFdQmJyw== | |
X-ME-Proxy: | <xmx:AiGQWxcKNNeXio8O3dE8QeYrT9h6p__4pH12boDn_NX7OMogibNBxg> |
<xmx:AiGQW3dA6g8umrmIEtecJJ5olzj5bBHm7bnF0HfxnFnS4_UCPnN92Q> | |
<xmx:AiGQWwatOdp2sQVO7W5ozf7P-2xb8LOtZS7LWdHkR64wE55MDIGxog> | |
<xmx:AiGQW8or5OwFn-GL0598y3eRlnvqiWhgJxNMRneOmv0uK-Z5HhSvsg> | |
<xmx:AiGQWzYlfuktQbPXEInR_-wQIeiF53y5-XCvFAmIvcyMKcKWt_KrUQ> | |
<xmx:AiGQWyC6fdHuWd6lXB0eG2AtYnSDelTCcHURXHJA1p1oL5ja585CVw> | |
X-ME-Sender: | <xms:AiGQW1DikBz418yut4CBBcDeOX9MLTPxk52JNTeZzXhQ7El6S0QupQ> |
Subject: | Re: [geda-user] [pcb-rnd] anniversary release: 2.0.1 |
To: | geda-user AT delorie DOT com |
References: | <alpine DOT DEB DOT 2 DOT 00 DOT 1808290436410 DOT 21900 AT igor2priv> |
<0cf4753a-6fac-2e90-bdef-ab27e127810a AT fastmail DOT com> | |
<alpine DOT DEB DOT 2 DOT 00 DOT 1809050708420 DOT 21900 AT igor2priv> | |
From: | "Girvin Herr (gherrl AT fastmail DOT com) [via geda-user AT delorie DOT com]" <geda-user AT delorie DOT com> |
Message-ID: | <1b455a32-722e-3224-bf81-28ca77523c23@fastmail.com> |
Date: | Wed, 5 Sep 2018 11:28:15 -0700 |
User-Agent: | Mozilla/5.0 (X11; Linux i686; rv:52.0) Gecko/20100101 |
Thunderbird/52.9.1 | |
MIME-Version: | 1.0 |
In-Reply-To: | <alpine.DEB.2.00.1809050708420.21900@igor2priv> |
Reply-To: | geda-user AT delorie DOT com |
Errors-To: | nobody AT delorie DOT com |
X-Mailing-List: | geda-user AT delorie DOT com |
X-Unsubscribes-To: | listserv AT delorie DOT com |
On 09/04/2018 10:19 PM, gedau AT igor2 DOT repo DOT hu wrote: > Hello Girvin, > > On Tue, 4 Sep 2018, Girvin Herr (gherrl AT fastmail DOT com) [via > geda-user AT delorie DOT com] wrote: > >> Greetings, >> >> I just downloaded this version. However, there does not seem to be a >> check file to verify the contents. Is there an md5, or better, a >> gnupg ".asc" file to verify the file I downloaded is correct? >> >> If an asc file, where can I find the gnupg key to check it with? > > Here are the md5sums: > > ee0974eeff3f256f295b80cf993ac8e0 changelog-2.0.1.txt > a2f2cf0651851fce54dfed13b9ca3e5c pcb-rnd-2.0.1.tar.bz2 > 31f5fbff478fad8fa9ada5db26953230 pcb-rnd-2.0.1.tar.gz > c0a16d875eb2d84f40c7acba26d203cc pcb-rnd-2.0.1.zip > dd523cba0e62e315c409c9fc9e04e61f relnotes-2.0.1.txt > > sha1sums: > > d39014632b5da585a51715af11cc069288800253 changelog-2.0.1.txt > 3f00ceb8e58c298109437ee187ef382cc64b5c86 pcb-rnd-2.0.1.tar.bz2 > 37793ad5a2414b9c67cb386eee711f62b94b5899 pcb-rnd-2.0.1.tar.gz > 5e9efd428625b92dff8201fb510e3160c52399ae pcb-rnd-2.0.1.zip > 534a9764d0a394813c64138ba2379178e37d3f7a relnotes-2.0.1.txt > > Transmission: > > If you are worried about truncated files: the http header contains the > file length so your browser or donwloader would know if it received a > truncated file. If about transmission errors (random bits changing): > tcp/ip has checksums built in, that's usually enough, but probably > gzip/bz2 would also detect the problem. > > Security: > > We don't have automatism for checksum publication, because we don't > have a second channel (everything goes through repo.hu) so it wouldn't > mitigate an attack against repo.hu. I am sending this mail from > repo.hu too so although you get it through DJ's mailing list server, > the md5sums are really coming from the same machine as the tarballs - > won't increase security. I mean if a hypotetical attacker gains access > to that machine and alter the tarballs, he'd also alter the checksums > or signature published from/on the same machine. > > Best regards, > > Igor2 Igor2, Thanks for the checksums. I still feel better that what I have on my machine is what you expect me to have. I am not so concerned about transmission errors as about security. As you say, the sums could be hacked too, but that is why I prefer the gnupg key system. It is more difficult to hack, especially if the key is stored offsite, such as the gnupg website. FYI: To go one step further, I automatically check the files again in my Slackware Linux package buildscripts before I even start creating a Slackware package for installation. Thanks again and take care. Girvin Herr
webmaster | delorie software privacy |
Copyright © 2019 by DJ Delorie | Updated Jul 2019 |