mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Tahoe: Avoid verifying hash after download, since tahoe does sufficient verification itself

Browse source 
See my comment in the next commit for some details about why
Verified needs a hash with preimage resistance. As far as tahoe goes,
it's fully cryptographically secure.

I think that bup could also return Verified. However, the Retriever
interface does not currenly support that.
This commit is contained in:
Joey Hess 2021-02-09 13:42:16 -04:00
parent cbe84b62b9
commit fa3d71d924
No known key found for this signature in database
GPG key ID: DB12DB0FF05F8F38
4 changed files with 11 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Remote/BitTorrent.hs
View file

@ -99,6 +99,9 @@ gen r _ rc gc rs = do
downloadKey :: Key -> AssociatedFile -> FilePath -> MeterUpdate -> Annex Verification
downloadKey key _file dest p = do
get . map (torrentUrlNum . fst . getDownloader) =<< getBitTorrentUrls key
-- While bittorrent verifies the hash in the torrent file,
-- the torrent file itself is downloaded without verification,
-- so the overall download is not verified.
return UnVerified
where
get [] = giveup "could not download torrent"