On Nov 21, 2006, at 9:01 PM, Derek Wright wrote:
On Nov 21, 2006, at 5:42 PM, Gerhard Killesreiter wrote:
Do you plan to check if a module has been altered after download, too?
no, i wasn't planning to do that. the md5 hashes we have are on the whole tarball, not per file. so an easy, obvious way to detect this doesn't immediately spring to mind, short of doing a bunch more work to calculate, store, and advertise the per-file md5 hashes at d.o. [1]
One thing about this is that it would be good to allow admins to say "yes, this file has been modified, but I know about it so don't tell me again". Occasionally I make small changes to a module (example: I modified biblio.module to hide ability to export XML, because I don't want it visible), and I don't want to be plagued by massive warnings (or worse, automatic disabling) because I customized a module. Thanks, Ricky