Hi again!

> I have to admit that I haven't used checksums yet but considering the
> data someone enters in a web browser (passwords, PINs, ...) it surely
> makes sense to verify checksums if you download the binary from a
> server different from the main server.

Indeed... I would hate to see Camino at the center of a scandal because one of the mirrors was compromised (this is purely hypothetical here, I am most certainly not criticizing the way mirrors are managed or anything like that) and users had no way to know about it.

> Live checking (while the file is downloaded) might be quite
> complicated, because paused downloads have to be considered separately
> and other issues have to be taken into account. Therefore I think a
> contextual menu item which calculates the md5 checksum and puts it on
> the clipboard might be the best solution.

While live checking would be great, maybe having Camino simply compute the md5 of the file once it is downloaded and making it available to the user would be a first step. Then, users could manually check whether the information output by Camino matches the checksum of the file -- again, not as elegant as what you describe, of course, but maybe a first step.

> As already has been mentioned in bug 101743 there are more checksums
> than md5, the question would be: which one to implement? md5 is
> included with Mac OS X so there's no need to put the algorithm into
> Camino and from what I know MD5 is the one used most (although surely
> not the best one around).

It indeed looks like md5 is the most widely used checksum. Apple uses SHA-1 but most users don't know about typing "openssl sha1" in their Terminals. Typing "sha1 MyFile" fails and this is enough to discourage most people -- me included for a long time, I shamefully confess.

FJ
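Added example, not part of the original message and not Camino code: the manual check discussed above (compute the digest of the finished download, then compare it with the value published on the main server) as two shell functions. The function names are hypothetical, and sha256 support goes beyond the md5 and SHA-1 named in the thread.

```shell
#!/bin/sh
# Verify a downloaded file against a checksum published on the main server.

# file_digest ALGO FILE -> prints the lowercase hex digest of FILE.
# Tries "openssl dgst" first, then the coreutils md5sum/sha1sum/sha256sum.
file_digest() {
    algo=$1 file=$2
    case $algo in
        md5|sha1|sha256) ;;
        *) echo "unsupported algorithm: $algo" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    if out=$(openssl dgst "-$algo" < "$file" 2>/dev/null); then
        # openssl prints "...(stdin)= <hex>"; keep what follows the last space.
        printf '%s\n' "${out##* }"
    elif out=$("${algo}sum" < "$file" 2>/dev/null); then
        # The coreutils tools print "<hex>  -"; keep the first field.
        printf '%s\n' "${out%% *}"
    else
        echo "no working digest tool for $algo" >&2; return 2
    fi
}

# verify_download ALGO FILE EXPECTED
# EXPECTED may be pasted as published: upper case, spaces or colons allowed.
# Returns 0 on match, 1 on mismatch, 2 if the digest could not be computed.
verify_download() {
    expected=$(printf '%s' "$3" | tr -d ' \n:' | tr 'A-F' 'a-f')
    actual=$(file_digest "$1" "$2") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $2 matches the published $1 checksum"
    else
        echo "MISMATCH for $2" >&2
        echo "  published: $expected" >&2
        echo "  computed:  $actual" >&2
        return 1
    fi
}

# Usage (placeholder file name and digest):
#   verify_download sha1 Download.dmg "<digest copied from the main server>"
```

The comparison only helps when the published digest is fetched from the main server rather than from the same mirror that served the file.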
