Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!usenix!std-unix
From: henry@zoo.toronto.edu (Henry Spencer)
Newsgroups: comp.std.unix
Subject: Re: Are POSIX documents available for ftp from somewhere?
Message-ID: <460@usenix.ORG>
Date: 25 Aug 90 03:50:12 GMT
Sender: std-unix@usenix.ORG
Lines: 26
Approved: jsq@usenix.org (Moderator, John Quarterman)
X-Submissions: std-unix@uunet.uu.net

From:  henry@zoo.toronto.edu (Henry Spencer)

>From:  khb@Eng.Sun.COM (Keith Bierman - SPD Advanced Languages)
>   ...The key reason is that there have actually been cases
>   where someone gets it, modifies it slightly for their own benefit, and
>   then prints it claiming it's the standard.  ...
>
>Sounds like an excuse, not a reason. It would not be hard to publish
>checksums. 

But how do you convince people to run checksums on the documents and compare?
Remember, the customers *will not* read the documentation even when it is
clearly in their interests to do so -- and you want them to run checksums?
(Setting aside the problem that there is no standard checksum program...)
The only way this will work is if it is sufficiently automatic that whenever
they display the document on their screens, a big red flashing label saying
"FRAUDULENTLY ALTERED" appears underneath.  Unfortunately, short of advanced
cryptographic techniques, there's no way to make this work.

This is not to deny that financial motives play a part.  But prevention of
fraud is a real and legitimate concern with no trivial solution.

                                         Henry Spencer at U of Toronto Zoology
                                          henry@zoo.toronto.edu   utzoo!henry

Volume-Number: Volume 21, Number 59