Just a thought. I haven't considered this too deeply so I may well be smoking crack.

In general, I would expect reputable mirrors to also mirror the MD5 checksum file. I'm not sure why they wouldn't.

I also think that rather than trying to solve all the problems at once, the simplest solution here might also be sufficiently effective. So why not just take this approach:

- When starting a download, look for the MD5 file in the same location as the original. It is typically the download filename plus the .md5 extension. You could check for other extensions/formats too.
- If the checksum file is found, download it along with the main file.
- On completion of the download, verify the main file against the checksum and warn the user if they don't match.
- If no checksum is found, warn the user that no checksum exists but still download the file.
- Provide an option in Preferences to disable the warning for folks who don't really care. Enable it by default but provide a "Don't show me this again..." option on the warning.

The advantages of the above are that it isn't intrusive, it is user friendly, and if more browsers support the concept then it should encourage site owners to always include the MD5 or similar checksum even on mirrors. If other methods of verifying the file integrity exist or are developed, they can be subsumed into the implementation without changing the user experience.

- Steve


On Aug 24, 2005, at 1:39pm, Martin Girschick wrote:

I have to admit that I haven't used checksums yet but considering the data someone enters in a web browser (passwords, PINs, ...) it surely makes sense to verify checksums if you download the binary from a server different from the main server.

As long as there is no protocol or html-construct for checksums I don't see a way to implement it easily. One idea would be to automatically point from mirrored downloads to the main source where the browser can automatically fetch the checksum to be able to verify it against the downloaded copy from the mirror site. I don't know whether a concept like this already exists.

Live checking (while the file is downloaded) might be quite complicated, because paused downloads have to be considered separately and other issues have to be taken into account. Therefore I think a contextual menu item which calculates the md5 checksum and puts it on the clipboard might be the best solution.

As already has been mentioned in bug 101743 there are more checksums than md5, the question would be: which one to implement? md5 is included with Mac OS X so there's no need to put the algorithm into Camino and from what I know MD5 is the one used most (although surely not the best one around).

Cheers,

  Martin
_______________________________________________
Camino mailing list
[email protected]
http://mozdev.org/mailman/listinfo/camino
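
The flow Steve outlines at the top of this thread (probe for a sidecar checksum, download either way, warn on mismatch or absence), as an added example that is not from the original messages or from Camino. It also probes `.sha256` and `.sha1` ahead of `.md5`, which goes beyond the MD5 case discussed; `fetch`, the sidecar naming and the sample mirror are assumptions.

```python
import hashlib
from enum import Enum

# Sidecar extensions to probe, strongest first (assumed naming: <file><ext>).
SIDECARS = [(".sha256", "sha256"), (".sha1", "sha1"), (".md5", "md5")]
HEX = set("0123456789abcdef")

class Result(Enum):
    VERIFIED = 1
    MISMATCH = 2     # always warn
    NO_CHECKSUM = 3  # warn unless the preference is switched off

def parse_sidecar(text, filename, algo):
    """Digest for filename from a bare digest or md5sum-style lines, else None."""
    want = hashlib.new(algo).digest_size * 2
    for line in text.splitlines():
        parts = line.split(None, 1)
        digest = parts[0].lower() if parts else ""
        if len(digest) != want or set(digest) - HEX:
            continue
        name = parts[1].strip().lstrip("*") if len(parts) > 1 else filename
        if name.rsplit("/", 1)[-1] == filename:
            return digest
    return None

def download_and_verify(url, fetch, warn_if_missing=True):
    """fetch(url): hypothetical transport, byte chunks or None. Returns (Result, warn)."""
    filename = url.rsplit("/", 1)[-1]
    hasher = expected = None
    for ext, algo in SIDECARS:
        text = b"".join(fetch(url + ext) or []).decode("ascii", "replace")
        expected = parse_sidecar(text, filename, algo)
        if expected:
            hasher = hashlib.new(algo)
            break
    for chunk in fetch(url):  # the main file is downloaded either way
        if hasher:
            hasher.update(chunk)
    if hasher is None:
        return Result.NO_CHECKSUM, warn_if_missing
    if hasher.hexdigest() == expected:
        return Result.VERIFIED, False
    return Result.MISMATCH, True

# Constructed in-memory "mirror" standing in for real HTTP fetches.
DATA = b"constructed installer bytes"
URL = "http://mirror.example/app.dmg"
MIRROR = {URL: [DATA], URL + ".md5": [(hashlib.md5(DATA).hexdigest() + "  app.dmg\n").encode()]}
fetch = MIRROR.get  # returns None for URLs the mirror lacks
```

A sidecar fetched from the same mirror only catches corrupted transfers; to catch a modified mirror copy, the sidecar has to come from the main source, as Martin's message suggests.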

