blob: 621e01d6f8bf5bd2445c7496cab1572de03231ed (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
|
[[!comment format=mdwn
username="http://joeyh.name/"
ip="209.250.56.87"
subject="comment 1"
date="2013-12-15T19:38:48Z"
content="""
If you don't trust a remote repository, then you should either
a) Not use that repository at all, because its malicious owner could put any evil file he wants in it with an entirely correct hash.
b) Make it a gcrypt remote so all content stored on it is encrypted. Decrypting it will include validating that you get out what you originally put in.
So these scenarios are not good arguments for validating every file after it's downloaded.
If it were possible to do a rolling checksum as part of the download, rather than needing to pull the entire file back off disk and checksum it, I'd do so. But it's generally not; for example when git-annex is downloading a file using rsync it may resume part way through a previous interrupted download, and rsync is storing the file to disk, not streaming it to git-annex.
"""]]
|
