At 2015-02-05 01:11:54,"Steve Hall" <[email protected]> Wrote:
The same entity serves the site and the files so there's no security advantage by making the checksum avialable either way. ------------------------------------------------------ Every time I download gvim from http://sourceforge.net/projects/cream/files/Vim/, the downloading is always redirected to a SAME mirror site. So if the checksum of gvim is not DIRECTLY displayed on http://sourceforge.net/projects/cream/files/Vim/, there is no way to know if the downloaded gvim is the original even if a checksum file is also provided as the checksum file downloading is also redirected to that mirror site. The prerequisite of a user to download something is that he trusts that site providing download service. We trust such sites like http://www.vim.org and http://sourceforge.net/projects/cream/files/Vim/ not mirror sites. Therefore if checksum is DIRECTLY displayed on those sites, we trust it. One has to trust at least one thing. This way, we can download gvim from ANY site such as a mirror or untold software sites. And, the original sites http://www.vim.org and http://sourceforge.net/projects/cream/files/Vim/ only take an extra cost of displaying checksum on their sites, most downloading costs could be put on other sites --- SAFELY. With the correct checksum worth trusting, the gvim is trusted as well no matter where it comes from. This is very like US's political system. Separation of the Three Powers(a.k.a. Checks and Balances) is the backbone supporting US's prosperity. One can not legislate and execute it at the same time while he is not trusted COMPLETELY. I'm trying to avoid top-posting. -- -- You received this message from the "vim_use" maillist. Do not top-post! Type your reply below the text you are replying to. For more information, visit http://www.vim.org/maillist.php --- You received this message because you are subscribed to the Google Groups "vim_use" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
