[Bug debuginfod/27758] security idea: DEBUGINFOD_VERIFY mode

vt at altlinux dot org sourceware-bugzilla@sourceware.org
Wed Apr 21 00:15:31 GMT 2021


https://sourceware.org/bugzilla/show_bug.cgi?id=27758

Vitaly Chikunov <vt at altlinux dot org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vt at altlinux dot org

--- Comment #3 from Vitaly Chikunov <vt at altlinux dot org> ---
Instead of `X-Debuginfod-Hash` you can use `ETag` where you can put anything
including sha256 (can be prescribed in webapi description), then GET request
with `If-None-Match` + tag value (which is a hash) will return just 304 if the
hash is not changed. So HEAD request is not needed too.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/If-None-Match

-- 
You are receiving this mail because:
You are on the CC list for the bug.


More information about the Elfutils-devel mailing list