Susan, Steven and all other users of the PL2005CD -
This discussion, as I intended it, is not about people and who did
what, when. But something didn't go as well this year as last year
and the end result is an inability to verify the integrity of the
files on the PL2005CD. For text files, web pages, pictures, audio
files - so what? But for binary executables, a wrong byte or two in a
crucial place can be a snafu of computer crashing proportion.
Program files were aggregated from all over the world wide web, made
into an iso and pulled from one side of the Atlantic to the other (and
further, in some cases). All this moving of files back and forth on
the web introduces potential error, through nobody's fault - it just
the nature of the beast. Using file size, down to the byte is not
accurate enough to ensure that executable binaries are going to run as
designed.
Okay, so something went wrong with generating the md5 checksums this
year - no need to throw the baby out with the bath water. dvdsig.exe
and dvdsig.md5 are tools that need to be included with every years PL
CD. But this year, somebody needs to step up the plate and offer a
one time substitute that does the same job with the same accuracy as
dvdsig.exe. Manually checking individual file sizes is tedious and
inaccurate. In this time of crc32, md5, .sfv, .par and .par2 there
are computer programs out there that are faster and more accurate than
manual comparisons.
Balderdash. Where's my soapbox?
"Manually checking individual file sizes is tedious and inaccurate."
There were errors in program that were used to check the file lists.
*Manual* checking found those errors.
furthermore. . .
The accuracy of a computation is dependent on the accuracy of the
original data.
Measuring something to the nearest eighth of an inch does not give you
ten decimal place accuracy. You cannot not remove uncertainties
regarding the exact length by using ten decimal places in your
computations.
similarly. . .
Many of the files on the Pricelessware CD were moved back and forth on
the web *before* we downloaded them. Some Pricelessware programs are
hosted on multiple sites. "Last freeware version" Pricelessware programs
may be hosted on obscure sites in remote locations.
You cannot ensure that the executable binaries are without error by
using checksums. At best you can ensure that no *additional* errors were
introduced.
IMO our *main* concern should be the possible introduction of malware on
a "PL2005 CD". IMO we should furnish a verification procedure that can
be used by anyone - not just geeks.
I see two ways to do that. We can back up and remaster the CD with a
valid dvdsig.md5 file or we can list the directory and file size
information.
IMO we should proceed ahead on with the existing ISO.
I think we should continue to list the directory and file size
information on the Pricelessware site as the *primary* method of
verifying the CD.
I am also in favor of furnishing a checksum file of the *original* ISO
that can be used to verify copies of the CD. It will be helpful to those
folks who know how to use it.
Susan