[Fedora QA] #237: tests to verify that torrents and mirrors contain signed checksum files

Fedora QA trac at fedorahosted.org
Thu Dec 8 01:22:07 UTC 2011 

#237: tests to verify that torrents and mirrors contain signed checksum files
-----------------------+----------------------------------------------------
  Reporter:  robatino  |       Owner:     
      Type:  task      |      Status:  new
  Priority:  major     |   Milestone:     
 Component:  Wiki      |     Version:     
Resolution:            |    Keywords:     
-----------------------+----------------------------------------------------
Comment (by robatino):

 Replying to [comment:6 adamwill]:
 > What's the status here, Andre?

 No change as far as I know.
 [https://fedoraproject.org/wiki/Release_Engineering_Release_Tickets] is
 the same. We didn't have any problems with 16 Final, but that was just
 because of the recent attention due to these tickets, not any process
 change.

 > Are you stuck waiting on releng? Anything I can do to help move this
 along? Is https://fedorahosted.org/rel-eng/ticket/4986 relevant to this
 issue too?

 That ticket would greatly help making these kinds of mistakes less likely,
 but I still think QA should be able to test _everything_ before release,
 including checksum and torrent files, not just ISOs, as it's doing now.

 There's another issue which I brought up in
 [https://bugzilla.redhat.com/show_bug.cgi?id=727387] which is that I think
 it would be a good idea for the checksum files to include file sizes in
 bytes, as comments. The original motivation is that most of our ISOs are
 hybrid now, so if you burn it to media you can't read it off and verify
 the checksum without knowing independently what the file size is (since
 you can't trust the ISO header anymore). Also, truncation is probably the
 most common form of corruption, and people downloading an ISO via browser
 or a buggy bittorrent client don't know what the exact size is supposed to
 be. If they did, they could just finish the last few KB instead of
 downloading the full ISO a half dozen times. I'm not sure if that issue
 belongs in one of these tickets. If the checksum files were to include
 this, they would have to be changed separately for install and live
 images, since I believe install checksums are made automatically by pungi,
 and live checksums manually.

-- 
Ticket URL: <https://fedorahosted.org/fedora-qa/ticket/237#comment:7>
Fedora QA <http://fedorahosted.org/fedora-qa>
Fedora Quality Assurance

More information about the test mailing list