Suspicious-Teach8788
Lifer
I understand that with typical single files a hash such as MD5, SHA1 or SHA256 is used for verification. However what's a good way if you have a large list of files? Say like 50 or 100 files or even more?
Part of the reason I ask is I was at work reading through some of our SOPs for releasing software--and by release I mean put software into our document control. This isn't necessarily meaning that we write the software ourselves, but any software like if we hire a contractor to develop a custom test software. Note we are NOT a software company, so pardon the inexperience. One of the procedures said to provide a file index snapshot (simple dir /s command) when . All you get is a list of files and file sizes, but how good of a process is this even? I dug further and found that we verify media that we receive for production (i.e. DVDs or flash disks) using this process too.
I'm not a software guy myself, but this seems to be a very low tech and risky way of verifying software was provided properly. By verifying a file index you're just comparing file sizes. Shouldn't we be checking hashes or something?
Part of the reason I ask is I was at work reading through some of our SOPs for releasing software--and by release I mean put software into our document control. This isn't necessarily meaning that we write the software ourselves, but any software like if we hire a contractor to develop a custom test software. Note we are NOT a software company, so pardon the inexperience. One of the procedures said to provide a file index snapshot (simple dir /s command) when . All you get is a list of files and file sizes, but how good of a process is this even? I dug further and found that we verify media that we receive for production (i.e. DVDs or flash disks) using this process too.
I'm not a software guy myself, but this seems to be a very low tech and risky way of verifying software was provided properly. By verifying a file index you're just comparing file sizes. Shouldn't we be checking hashes or something?
