In an SMP/E FROMNETWORK package a strong checksum of each component is compared to a value in GIMPAF.XML, and a checksum of GIMPAF.XML itself is compared to a value in the CLIENT data set. But how is the CLIENT data set itself transmitted?
Minor correction: the SHA-1 hash (checksum) for GIMPAF.XML is in the SERVER data set, not CLIENT.
In any case, for IBM's z/OS platform software and service packages ordered using Shopz, the SERVER data set information is obtained through Shopz, therefore, it is transmitted to you using HTTPS. For PTF packages ordered using SMP/E RECEIVE ORDER, a package's SERVER information is transmitted from the IBM order server to SMP/E also using HTTPS. I can't say how you or other vendors transmit this important SHA-1 hash value, but I think IBM's software packages are protected in this regard.
Kurt Quackenbush -- IBM, SMP/E Development ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
