When reconstructing file B from file A and a binary difference B-A, given that A and B-A are correct, do we still need to verify the integrity of B?

Asked by djvg

In the context of a software update system, suppose we have the following:

  • a.tar: an archive file containing an old version of an application
  • b-a.patch: a file containing the binary difference of the old a.tar and the new b.tar (from bsdiff)

Both files are present on the same system, and the authenticity and integrity of both files have been verified using sha256 hashes from a trusted source.

If we now reconstruct b.tar from a.tar and b-a.patch, can we trust b.tar to be correct, or is it still necessary to verify the integrity of the result, e.g. by checking the file hash?

In response to the comments:

I would consider it necessary to verify the integrity of the result, if there is a "reasonable" probability, under normal operating conditions, that the reconstruction process (using bsdiff) could produce a corrupted file while exiting normally.

What is "reasonable"? Not sure. Let's say more than 1 in 100k?

As this concerns a software update system, the scenario we would like to protect against is inadvertently replacing a working application by a new version that has been corrupted during reconstruction.
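As an added example (not code from the question or from the bsdiff project), here is the "verify then commit" update step the question is weighing: the patch is applied into a sibling temp file, the result is hashed and compared against the trusted SHA-256 of b.tar, and only then is the working copy atomically replaced, so a run that exits 0 but wrote corrupt output can never overwrite a working application. The names `apply_update`, `run_bspatch` and `simulate` are assumed here; `run_bspatch` wraps the real `bspatch oldfile newfile patchfile` CLI, while `simulate` substitutes constructed stand-in appliers so it runs without bspatch installed.

```python
# Added example (not from the question nor from bsdiff): verify, then commit.
import hashlib
import hmac
import os
import subprocess
import tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def run_bspatch(old, new, patch):
    # Real CLI: bspatch oldfile newfile patchfile; exit 0 alone does not prove `new` is correct.
    subprocess.run(["bspatch", old, new, patch], check=True)

def apply_update(old_path, patch_path, dest_path, expected_sha256, apply=run_bspatch):
    """Reconstruct into a sibling temp file, verify its hash, then atomically rename."""
    tmp = dest_path + ".partial"
    try:
        apply(old_path, tmp, patch_path)
        actual = sha256_file(tmp)
        if not hmac.compare_digest(actual, expected_sha256):
            raise ValueError(f"integrity check failed: expected {expected_sha256}, got {actual}")
        os.replace(tmp, dest_path)  # working copy is replaced only after the check passes
        return actual
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)

def simulate():
    """Constructed scenario; fake appliers stand in for bspatch so no binary is needed."""
    good = b"b.tar contents (constructed sample)"
    bad = good[:-1] + bytes([good[-1] ^ 1])  # one flipped byte, applier still exits normally
    expected = hashlib.sha256(good).hexdigest()
    with tempfile.TemporaryDirectory() as d:
        old, patch, app = (os.path.join(d, n) for n in ("a.tar", "b-a.patch", "app.tar"))
        for p in (old, patch, app):
            Path(p).write_bytes(b"a.tar contents (constructed)")
        apply_update(old, patch, app, expected, apply=lambda o, n, p: Path(n).write_bytes(good))
        installed = Path(app).read_bytes() == good
        try:
            apply_update(old, patch, app, expected, apply=lambda o, n, p: Path(n).write_bytes(bad))
            rejected = False
        except ValueError:
            rejected = True
        return installed, rejected, Path(app).read_bytes() == good
```

`simulate()` returns three booleans: the correct reconstruction was installed, the one-byte-corrupt reconstruction was rejected, and the installed copy was left intact by the rejected attempt.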