It would seem likely that those who transmit content to Fedora with an MD5
checksum have a preference for (or at least an existing implementation for)
using MD5 to do content verification. If Fedora is already doing the work
to calculate an MD5 to verify the transfer, what is the harm in storing the
MD5 along with whatever checksum Fedora prefers to use (such as SHA1)? As
Scott mentioned, this would likely allow for simpler integration with
external systems that use MD5, without limiting Fedora to any particular
checksum implementation. The datastream profile request would return both
the checksums.
Bill
On Thu, Mar 7, 2013 at 12:01 PM, Scott Prater <pra...@wisc.edu> wrote:
> Two questions occur to me:
>
> 1) Performance? That is, would anyone prefer to implement their own
> checksum algorithm/hashing algorithm for performance reasons? I imagine
> this would only be an issue for very large objects.
>
> 2) Integration with third-party applications? If my own internal
> processes generate/store/use MD5 checksums for digital objects, does
> that mean outside systems would either need to do their own checksum
> verification, and ignore Fedora's verification tools, or get with the
> program and use SHA1 checksums? Possibly not a huge deal.
>
> -- Scott
>
> On 03/07/2013 10:48 AM, Benjamin Armintor wrote:
> > This email concerns Fedora-Futures development, and not work in the
> > FCRepo 3.x line.
> >
> > One of the things that Modeshape does (as do a number of other storage
> > services) is key stored bytes of a hash of the content. By default,
> > Modeshape uses the SHA1 hash.
> >
> > Because of this, we are considering doing away with the storage of
> > arbitrary checksums for bytestreams, and only using alternative
> > algorithms to verify the transfer. So, for example, if you transmit
> > bytes with a MD5 checksum, Fedora would use that MD5 to verify the
> > content, but then calculate and store only its own checksum (for the
> > sake of argument, SHA1). Queries on the datastream "profile" information
> > would return the stored/internal checksum (SHA1).
> >
> > How does everyone feel about this?
> >
> >
> >
> ------------------------------------------------------------------------------
> > Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
> > Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
> > endpoint security space. For insight on selecting the right partner to
> > tackle endpoint security challenges, access the full report.
> > http://p.sf.net/sfu/symantec-dev2dev
> >
> >
> >
> > _______________________________________________
> > Fedora-commons-developers mailing list
> > Fedora-commons-developers@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/fedora-commons-developers
> >
>
>
> --
> Scott Prater
> Shared Development Group
> General Library System
> University of Wisconsin - Madison
> pra...@wisc.edu
> 5-5415
>
------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the
endpoint security space. For insight on selecting the right partner to
tackle endpoint security challenges, access the full report.
http://p.sf.net/sfu/symantec-dev2dev
_______________________________________________
Fedora-commons-developers mailing list
Fedora-commons-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fedora-commons-developers
