Re: Lack of Mature Tools (was: Lockheed Martin, Green Hills, etc.)

[Chris Morgan <cm@mihalis.net>]

"Robert I. Eachus" <rieachus@earthlink.net> writes:

> Chris Morgan wrote:
>  
> > Are you really suggesting that if I see an announcement of a new
> > public release of gnat on comp.lang.ada and I then download a file
> > with that version number from cs.nyu.edu in /pub/gnat that it may
> > somehow be corrupted? The wrong file? Altered by random strangers?
> 
>     I believe that the right answers are: several times, happened at
> least once, and has not happened yet--at least on cs.nyu.edu.  There are
> many different  versions of each new gnat release that can be found on
> cs.nyu.edu.  There have been uploading problems on several occasions
> resulting in corrupted files, and at least once the wrong version of a
> binary was uploaded.  Note also that not all of the versions available
> from cs.nyu.edu are created by ACT and so ACT as such has no way to
> guarentee conformance for such versions.

Yeah, but simple corruption would normally cause either tar or gunzip
to fail. What I should have said, I suppose, is it's not at all
difficult to reliably transmit the public versions to users and be
assured the right bits got there, e.g. if ACT had a public area on
their own ftp servers and published MD5 checksums. Of course ACT may
occasionally make a mistake and put the wrong file up, even on their
own servers, but in that case the odds would be reasonable that they
would also make up a cd containing the mistake.

> 
>     Having said all that--and RBKD or someone else can provide the gory
> details--GNAT is probably at least as reliable and robust as Netscape or
> other products you can download over the net.  But if you see the
> announcement of a new "p" release and download it immediately, there
> will be times when you will have to go back for the correct version.  So
> yes, Robert is implying that those things can happen and that ACT cannot
> be responsible--among other things, it is not their server.

Fair enough. But if I download this new p version and have a problem,
it shouldn't be hard to verify my version.

>       I don't think any weaseling was intended.  MD5 checksums would
> probably be a good idea, but the archive formats do include checksums
> that detect truncated or corrupted files.  When I am concerned about
> someone maliciously modifying software, however, I much prefer CD as a
> delivery media.   After installing, you should checksum not just the
> compiler, but the entire directory hierarchy.  There are tools to do
> this.  Such tools in fact are included in the DII COE, and in GCCS their
> use is mandatory.

Well not having ever had an ACT CD, I have to presume they transmit
checksums with their CDs, in which case yes it's more reliable,
however I still heartily dislike the implication that any users who
just picked up some random bits called gnat somewhere on the net can't
are not likely to have a valid version. Seeing as GNAT started off on
DoD money to be a freely available tool, and started off with NYU
staff dominating the development team, if they can't reliably transmit
a known version to me at least most of the time via some ftp site such
as cs.nyu.edu something is wrong.

-- 
Chris Morgan <cm at mihalis.net>                  http://mihalis.net
    "O gummier hum warder buffer-lore rum 
     Enter dare enter envelopes ply"