James Carlson wrote: > (Having a big database of MD5 and SHA-1 checksums searchable on > checksum is a nifty hack around the problem ... but it's still a > problem, and shouldn't need a hack. You should be able to go directly > from advertised version number to verified checksum in one step.)
As an aside we do actually have such a thing: For any given binary we can find out which SVR4 package on which release of Solaris or patch to a given release it came from: http://sunsolve.sun.com/fileFingerprints.do -- Darren J Moffat
