On 05.02.2015 21:59, Freddie Chopin wrote: > On 02/05/2015 08:49 PM, Michael Schwingen wrote: >> For this to be true, the checksums would have to come from a different >> source. If someone can modify the binary on your webserver, he could >> also modify the md5sum files. cu Michael > The MD5 checksums are visible on the website and I verified that they > match the files I have backed up "locally" - these files are "originals" > which I uploaded to the website. Of course someone could have hacked my > personal computer, ... They are now (unless a MITM modifies my download), but are they still unmodified when I download the files next week? > Lets not pursue this "false positive" madness any further (; This is > just a case of heuristics trying to be too smart, the files are clean. I am convinced the files are clean, I am just saying that verifying the MD5-sums from the same source as the download is nearly useless to make sure the files are original.
Now if you had included the MD5-sums of the files in your mail, we would have had an independent channel for verification. cu Michael ------------------------------------------------------------------------------ Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ OpenOCD-devel mailing list OpenOCD-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openocd-devel
