undefined | Better HN

0 pointssvckr6y ago0 comments

I might be wrong, but wouldn't it be prudent to first verify the checksum/signature of the downloaded archive before unpacking it? Even when just decompressing there's at least the danger of being zip-bombed (assuming a zip bomb can be constructed for any dictionary-based compression algorithm.)

FWIW I really applaud Arch here. Even if it's just a small step. Commercial operating systems should take notice. OS updates should really not take as long as they (mostly) do.

0 comments

the84726y ago

Even then it still could be pipelined. download, check signature, decompress while the next download is running. But yeah, pacman is plenty fast already.

j / k navigate · click thread line to collapse

0 pointssvckr6y ago0 comments

FWIW I really applaud Arch here. Even if it's just a small step. Commercial operating systems should take notice. OS updates should really not take as long as they (mostly) do.

0 comments

the84726y ago

Even then it still could be pipelined. download, check signature, decompress while the next download is running. But yeah, pacman is plenty fast already.

j / k navigate · click thread line to collapse