hbuhrmester wrote:I suspect, that ETags with the prefix W/ indicate some intermediate state.
The footprint.net servers use those "weakly validating" ETags either way, so even the properly signed CAB file from 9 November has one. The footprint.net servers also don't appear to honor a "If-None-Match" header in the client request.
As noted in a previous post, the BAD footprint.net ETag is:
ETag: W/"9e7be538b53ad21:0"
MD5: 44B1480711F3C34F961071129EB369FE
SHA1: 3BD278A95004CA6AB4CA5CB953F46015E2BC08DA
SHA256: 52670BBEA050716F838848B3FC28CE7BBEBF3EBFCD3CC4BE3473992AED74B386
But footprint.net was also serving the good one, same as the old two content distribution networks:
ETag: W/"fb5afe38b53ad21:0"
MD5: 145A3BC4BE51765D3470FCFF1F7BDCCF
SHA1: 02CEB8F53B165C2AA8BDE161C8C635252473D22B
SHA256: 65AE858E88854A78F5EB545D69E9CDCA6BA47A24AB73E356CE8458EDEF50BC8A
Unfortunately, the bad file appears to be far more prevalent than the good one; however, both files are the same 201419112-byte size.
Update -- the Last-Modified time was touched in the last several hours; however, the signed CAB file content is the same, with the same 9 November signing timestamp. Sadly, the footprint.net servers have new content, but that new content is still useless because that CAB is still not signed correctly.