Module file parse API
Alan Bateman
Alan.Bateman at oracle.com
Thu Jun 21 07:44:29 PDT 2012
On 21/06/2012 15:11, Sean Mullan wrote:
> :
>
> I've been a little bothered by the fact that the hashes aren't
> reusable when generating the signatures, and maybe there is a better
> design, but if nobody else is concerned for now, I'm ok with it.
I agree with your previous comments that the current hash isn't
providing any real security, but it does help with basic integrity, say
where it gets corrupted during transfer ("corrupted" might something
like legacy ftp transfer in ascii rather than binary mode for example).
As I understand it, the rational for per-section hashes was to provid
this basic integrity check when streaming. In any case, it might worth
looking briefly at other formats as this is now a new problem. Debian
packages usually include a MD5 control file for example.
-Alan
More information about the jigsaw-dev
mailing list