recent discussion regarding 'checksums'
grarpamp at gmail.com
Mon Sep 27 03:09:13 MDT 2010
> Yes, right now "rsync -c" is not good if an attacker has had the
> opportunity to plant files on the destination and you want to make sure
> the files get updated properly, but that's an uncommon use case
Or whitehat people backing up cracked boxes.
Or anyhat people backing up data generated from their fleet of playstations.
> don't consider the issue urgent (i.e., I'm not going to fix it myself).
Didn't mean to imply any particular priority level.
Merely to show that some of the reasons hinted
at by readers as to why not to use at least MD5 or stronger
are not really valid if one expects to retain certain
amounts of data integrity when using -c.
Wish there were a way to metoo bugs/features
without all the account setup. Those are some
good bugs. Since I hash all my files in other
ways, it's not that biggie.
Though if I could find that 'warn on delete' with --link-dest
thingy in a release some day, ooohhh man ;-)
More information about the rsync