Doryforos Posted January 3, 2004 Share Posted January 3, 2004 I have always wondered why sites/developers offering installation packages for download -- either freeware, or commercial -- do not also offer a simple means for the users to verify the integrity of those packages, once downloaded, but before installation (this is the case mainly for packages developed for the MS-Win32 platform).The reason -- I guess -- is "user friendliness", once more, but this is not user-friendly at all. There are times when this is not an option, such as when a Windows Service Pack is downloaded and saved locally, to be used locally as well, but also burnt on a CD and used to apply the Service Pack on a friend's/relative's computer, when he/she cannot download such a huge file him/herself.In any case, things can happen during transfer, which can render files useless, and it would be nice to have a means to simply and quickly verify their integrity, so there will be no such doubts about the reasons why an installation did not succeed.Calculating the MD5 Sum for a file is considered a good means to verify its integrity, and utilities freely available on the Internet, both GUI and Command Line, make this task trivial for the users.An MD5Sums database could be created here, in the forum, to be used as a reference by anyone interested. A simple validation system could be employed, such as if -- say -- 5 members verify that the MD5Sum for a file posted by a member is correct, then this MD5Sum is assumed to be correct. Usual disclaimers will apply, of course.What's your opinion? Quote Link to comment Share on other sites More sharing options...
havnblast Posted January 4, 2004 Share Posted January 4, 2004 I myself dont worry about it - download and go. Quote Link to comment Share on other sites More sharing options...
ibe98765 Posted January 4, 2004 Share Posted January 4, 2004 An MD5Sums database could be created here, in the forum, to be used as a reference by anyone interested. A simple validation system could be employed, such as if -- say -- 5 members verify that the MD5Sum for a file posted by a member is correct, then this MD5Sum is assumed to be correct. Usual disclaimers will apply, of course.What's your opinion?Sounds like a lot of work for the forum. Why is this needed again? No one posts files here to download, just links to others places to go to get them.Personally, I've never, ever run an MD5 check against anything I've downloaded and I've never had a problem (that includes files from 2k to 200mb or more). I think MD5 checking is a Linux consipracy. Why do you only hear about MD5 on Linux stuff, never on Windows? Is the linux download process more prone to corrupt files or viruses? Quote Link to comment Share on other sites More sharing options...
Doryforos Posted January 4, 2004 Author Share Posted January 4, 2004 (edited) Hello ibe98765, Sounds like a lot of work for the forum. Why is this needed again?What I suggest, is that anybody who would like to do so, can post an MD5Sum for a file he/she downloaded, along with relevant data (i.e., the filename, as it is on the server, and the size of the file, in Bytes); it won't be mandatory for anyone, but voluntary.Personally, I've never, ever run an MD5 check against anything I've downloaded and I've never had a problem (that includes files from 2k to 200mb or more).It happens some times, and a hash value (not necessarily MD5, but it's the most widely used) is a good means to be certain that the file is (not) corrupt. A couple of days ago I downloaded a display adapter driver package (for MS-Windows), and when I started the installation, it aborted with an error message that the file was corrupt. Should I download it again? It's almost 13MB, so I'd rather like to have a clue, something more than just an error message. If a hash value was on the developer's website, I would be able to easily verify the integrity of the file.I think MD5 checking is a Linux consipracy. Why do you only hear about MD5 on Linux stuff, never on Windows?That's not true:References to Integrity Checking Means: WinZip, WinRAR, e.a. archivers use CRC error-checking, to verify the integrity of the files contained in the archives, as well as to attempt repairs of the archives.Open OfficeA Practical Introduction to GNU Privacy Guard in Windows [Old URL -- find it at the Web Archive][uPDATE: GPG integrity is now verified using SHA, so the above is now irrelevant]GPGShell...WebSites publishing MD5 Sums of the files they offer for Downloads:ABIT UtilitiesOpen OfficeInno SetupB-BandYou've never heard about MD5 on MS-Windows because it's rarely mentioned, or deeply hidden on most of the websites; it requires an extra step by the user, which -- I guess -- is not considered user-friendly, in the commercial software world. But, no one forces anybody to check, let the hashes be there for anyone interested!Developers who really care about their users, most of the times publish MD5 Sums (or other means for integrity checks), on their websites or ftp servers.Whenever there are integrity/security considerations, a hash value is a 99.99% good indicator that files are OK (or not).OTOH, if it is such a major problem for the forum, it is just a suggestion... Sorry for the inconvenience! Edited November 12, 2005 by Doryforos Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted January 4, 2004 Share Posted January 4, 2004 Doryforos,Anybody can start a topic. :)If you see that someone might benefit from this -- and as long as the hashes ares for legally obtainable files (see Forum Rules) -- I suggest that you start a topic and give the first MD5 checksum to get it started. Then those who wish to post can and everyone can take advantage.I would suggest starting one in the Windows or Applications forum if you wanted to do this for Windows, and/or in All Things Linux for applications in Linux. There is no specific common ground forum to put a single topic that would cover both Windows and Linux.Like all topics, it will either take off or not, but it sounds like a nice thing to do for those who make use of MD5 checksums -- and I think many do and not just in Linux. Quote Link to comment Share on other sites More sharing options...
nlinecomputers Posted January 4, 2004 Share Posted January 4, 2004 Personally I don't see the need. I've never been to a Linux site yet that didn't have the MD5Sum either posted on the webpage beside the download link or in a text file at the ftp site. A database here would be prone to user error(look at most of my posts. I'm the typo GOD!) and could be quickly rendered out of date by new versions. Besides, nothing personal, I wouldn't trust a source of MD5Sums unless it was the same source I downloaded the file from. Quote Link to comment Share on other sites More sharing options...
Doryforos Posted January 4, 2004 Author Share Posted January 4, 2004 LilBambiLike all topics, it will either take off or not, but it sounds like a nice thing to do for those who make use of MD5 checksums -- and I think many do and not just in Linux.Thank you ma'am, that's what I thought before I suggested the database thing; but there might be legal considerations, and I wouldn't like anybody to get in trouble.nline,Points taken! BAD idea!Thank you all, for your time! Quote Link to comment Share on other sites More sharing options...
Guest LilBambi Posted January 4, 2004 Share Posted January 4, 2004 Doryforos,You are very welcome! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.