Phillip J. Eby wrote: >> So the assumption is that the cheeseshop is trusted, right? > > Right, but only at the same level that the cheeseshop-provided md5 is > correct. Assuming that the cheeseshop download area is distinct from > the cheeseshop application database, and one might be hacked but not the > other, then keeping the information separate is more useful than storing > it together.
Of course, this assumption is wrong: the download area is not different from the database, and whoever can hack one can easily hack the other. Regards, Martin _______________________________________________ Catalog-sig mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
