I got a variety of responses to this. Thanks to:
alpert_at_fas.harvard.edu "Debra Alpert"
speno_at_isc.upenn.edu "John Speno"
labelles_at_mscd.edu "Stephen LaBelle"
i769646_at_smrs013a.mdc.com "C.Ruhnke"
rjackson_at_gmu.edu "Richard L Jackson Jr"
crittend_at_storm.simpson.edu "Paul Crittenden"
In a nutshell, it appears that duv40das00003-19990208.tar is
(expectedly) fine, duv40das00003-19990208.pdf is corrupted but
usable, and ssrt0588u.tar.gz is fine.
A couple of people had also noticed the discrepancy between the
advertised checksum for duv40das00003-19990208.pdf and the checksum
of the actual downloaded file. C.Ruhnke said:
> I, too, noticed the mismatch on the "*.pdf" file; but, since I could read
> it on my PC with Acrobat (after a warning about repairing the format) I
> did not worry.
A second download of ssrt0588u.tar.gz yielded a copy with the correct
checksum. It turns out that my first downloaded version had a different
checksum because I had gunzip'd and then re-gzip'd it before checking its
checksum. Evidently my subsequent gzip was not an exact complement to my
gunzip. I verified the integrity of my first download by gunzip-ing both
my first and second downloaded versions and then comparing the uncompressed
tar files using both /usr/bin/cmp and /usr/bin/sum - they were identical.
I did get the following comment on ssrt0588u from Debra Alpert:
> We installed the patch this morning and removed it this afternoon. It
> caused a variety of problems at our site -- users were unable to login at
> the console on our lab alphastations, and one of our applications began to
> dump core. I don't know what else might have happened because we quickly
> backed out of the patch. Until a better fix is provided, we've removed the
> execute bit for other on edauth and have removed the read and execute
> permissions for other on the directory /usr/tcb/bin.
############################# Original Question #############################
> I have just downloaded the 19990208 version of the Digital Unix
> v4.0d jumbo patch kit #3, as well as the recently released
> edauth-related security patch (ssrt0588u). None of the resultant checksums
> for the associated files match those posted on
> http://ftp.service.digital.com/public/dunix/v4.0d/. Are the advertised
> checksums calculated using /usr/bin/sum? Should these discrepancies concern
> us, or is it likely that the advertised checksums are simply bogus?
>
> File                          Advertised checksums Checksums of Downloads
> ============================= ==================== ======================
> duv40das00003-19990208.pdf    10729 139            38132 143
> duv40das00003-19990208.tar    12686 58190          12686 58190
> ssrt0588u.tar.gz              54955 2677           61126 2677
--
Bob Jones Sr. Systems Manager
Voice Mail: (541)346-0941 215 Computing Center
INTERNET: bj_at_oregon.uoregon.edu University of Oregon
"Shaving is an unnatural act." Eugene, OR 97403
Received on Wed Feb 17 1999 - 23:43:57 NZDT
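
The check described in the message above (gunzip both copies, then compare the uncompressed files), as an added example that is not part of the original post. It goes slightly further and shows one common reason a re-gzip'd file differs from the published one, the timestamp stored in the gzip header; the sample payload, both timestamps, the helper names and the 1024-byte block size of the sum-style checksum are assumptions.

```python
import gzip
import struct

def bsd_sum(data: bytes, block: int = 1024) -> tuple:
    """16-bit rotating checksum and block count in the style of BSD sum.
    The 1024-byte block size is an assumption; some systems count 512."""
    c = 0
    for b in data:
        c = (c >> 1) | ((c & 1) << 15)   # rotate right by one bit
        c = (c + b) & 0xFFFF
    return c, -(-len(data) // block)      # ceiling division

def gzip_mtime(gz: bytes) -> int:
    """MTIME field of the gzip header (RFC 1952: bytes 4-7, little endian)."""
    if gz[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream")
    return struct.unpack("<I", gz[4:8])[0]

def compare_downloads(gz_a: bytes, gz_b: bytes) -> dict:
    """Compare two .gz files as delivered and after decompression."""
    raw_a, raw_b = gzip.decompress(gz_a), gzip.decompress(gz_b)
    return {
        "compressed_identical": gz_a == gz_b,
        "compressed_sums": (bsd_sum(gz_a), bsd_sum(gz_b)),
        "header_mtimes": (gzip_mtime(gz_a), gzip_mtime(gz_b)),
        "payload_identical": raw_a == raw_b,   # what cmp reports
        "payload_sums": (bsd_sum(raw_a), bsd_sum(raw_b)),
    }

# Constructed sample data standing in for the tar archive inside the .gz.
PAYLOAD = b"constructed sample archive contents\n" * 2048
# The copy as published, and a copy that was gunzip'd and gzip'd again later.
# Both timestamps are constructed values.
PUBLISHED = gzip.compress(PAYLOAD, mtime=918000000)
ROUNDTRIP = gzip.compress(gzip.decompress(PUBLISHED), mtime=919000000)

if __name__ == "__main__":
    for key, value in compare_downloads(PUBLISHED, ROUNDTRIP).items():
        print(f"{key}: {value}")
```

A checksum taken over the .gz file covers the header as well as the data, so a published checksum can only be matched against the file exactly as downloaded.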