[virt-tools-list] [PATCH libosinfo 1/3] Fill out media for all Ubuntu distros
Daniel P. Berrange
berrange at redhat.com
Thu Feb 23 13:25:47 UTC 2012
On Thu, Feb 23, 2012 at 01:49:10PM +0100, Christophe Fergeau wrote:
> On Thu, Feb 23, 2012 at 02:30:35PM +0200, Zeeshan Ali (Khattak) wrote:
> >
> > Didn't think of these but yeah, sounds good except that I think we
> > could do with just one checksum element per ISO:
> >
> > <checksum url="http:/...."/>XXXXXX</checksum>
> >
> > where "XXXXXX" code could just be "" if url is provided. Then we can
> > also add an attribute for md5 of first 1MiB:
> >
> >
> > <checksum url="http:/...." first-5-mib="YYYYY">XXXXXX</checksum>
> >
> > Open to suggestion about better name for 'first-5-mib' here.
>
> first-1-mib which would more accurately reflect reality? :)
> Maybe just "partial-md5" or "fast-md5" and document that it's 1MB only?
>
> Another thought, do we want to restrict ourselves to md5? Given the various
> md5sum collision issues, I wouldn't want people to rely on libosinfo to
> check the md5 of an ISO and then have these people assume they are
> guaranteed that the ISO is the one they think it is because libosinfo
> "authenticated" it.
If we're pointing to a URL for the checksum, then we'll need to be using
whatever algorithm the vendor has chosen to publish.
If we're just including checksums we've calculated ourselves, then we
ought to just go straight for sha256. So perhaps
<checksum type='md5|sha1|sha256|...' url="http://..." partial="YYYY">XXXXX</checksum>
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the virt-tools-list
mailing list