Thanks for the reponses.
One can always add a check of the md5sum files to bootsync.sh.
However, once access is obtained, there is no security.
An occasional manual md5sum check via Apps is good enough for me, but as outlined the check is only valid if the .tcz extension has an associated md5.txt file. So in that sense it is really only a partial and incomplete check. Why run a checker if it only performs a partial job. Of course once access is obtained security is compromised, but providing awareness of missing md5.txt files could help detect possible intrusion/corruption.
I do not see why and how a missing md5 is imposing a security risk.
Well to me the purpose of an md5 check is not only to confirm an accurate download, but also to help ensure there is no curruption in the system post-install, which could be secondary to a security violation. Does that not make sense?
Core is a toolkit, not a distro.
You can add a simple script to md5sum the whole optional directory at boot.
If you can't, why are you using core instead of a distro targeted for the end user?
BusyBox is a toolkit, TinyCore is a distribution.
If not, maybe someone should notify distrowatch and update the TinyCore website:
About Our Projecthttp://distro.ibiblio.org/tinycorelinux/
Our goal is the creation of a nomadic ultra small graphical desktop operating system capable of booting from cdrom, pendrive, or frugally from a hard drive.
As already outlined, a simple script to md5sum check the optional directory at boot is futile if .tcz extensions in the optional folder are missing an associated md5.txt file. They don't get flagged or checked.
This is deliberate. At a minimum it's a means to prevent auto-update and accidental removal of modded or personal extensions. I do have a solution and have been using it for a year or more, just need to submit it (wasn't sure if anyone would be interested..).
Sorry i don't buy that, Apps > md5 Checking is not designed to update or remove any extensions, modded or personal, it's simply an automated way to complete an md5 check - no system changes. And in it's present state the md5 check is incomplete. Although i appear to be a minority, i would definitely be interested in your solution.
Still can't understand the resistance to flagging missing md5.txt files. How could incorporating this feature be a bad thing? Why should a user need to manually scroll through an optional folder to check for missing md5.txt files when a computer can check so much quicker and reliably.