linux-from-scratch/glfs
1
0
Fork 0
mirror of https://github.com/Zeckmathederg/glfs.git synced 2025-02-04 07:17:15 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

building-notes: MD5 can be used to detect stealth update

Browse Source
This commit is contained in:
Xi Ruoyao 2021-10-18 18:47:42 +08:00
parent 2ef4e24b89
commit 97ba4252b4
No known key found for this signature in database
GPG Key ID: D95E4716CCBB34DC
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
introduction/important/building-notes.xml
View File

@ -112,8 +112,13 @@ bunzip2 -v patchname.bz2</userinput></screen>
<screen><userinput>md5sum <replaceable>&lt;name_of_downloaded_file&gt;</replaceable></userinput></screen> <screen><userinput>md5sum <replaceable>&lt;name_of_downloaded_file&gt;</replaceable></userinput></screen>
<para>MD5 is not cryptographically secure, so the md5sums are only <para>MD5 is not cryptographically secure, so the md5sums are only
provided for detecting random errors or truncations introduced during provided for detecting unmalicious changes to the file content. For
network transfer. There is no <quote>100%</quote> secure way to make example, an error or truncation introduced during network transfer, or
a <quote>stealth</quote> update to the package from the upstream
(updating the content of a released tarball instead of making a new
release properly).</para>
<para>There is no <quote>100%</quote> secure way to make
sure the genuity of the source files. Assuming the upstream is managing sure the genuity of the source files. Assuming the upstream is managing
their website correctly (the private key is not leaked and the domain is their website correctly (the private key is not leaked and the domain is
not hijacked), and the trust anchors have been set up correctly using not hijacked), and the trust anchors have been set up correctly using