From: Dr. P. V. <pv...@uo...> - 2020-02-10 23:11:55

Maybe I am looking in the wrong direction, but where can I find checksums (SHA2) or digital signatures for the provided ISO images like e.g. under

https://s3.amazonaws.com/mirror.astlinux-project/downloads/iso/astlinux-1.3.7.1-genx86_64-serial.iso

Regards,
Peter

From: Lonnie A. <li...@lo...> - 2020-02-11 15:27:00

> On Feb 10, 2020, at 4:34 PM, Dr. Peter Voigt <pv...@uo...> wrote:
>
> Maybe I am looking in the wrong direction, but where can I find
> checksums (SHA2) or digital signatures for the provided ISO images like
> e.g. under
>
> https://s3.amazonaws.com/mirror.astlinux-project/downloads/iso/astlinux-1.3.7.1-genx86_64-serial.iso

Hi Peter,

The .iso installer does do a SHA1 integrity check for any image it installs, but you make a good point that we should have a SHA256 hash for the .iso somewhere.

Ideally not located alongside the actual .iso.

Give us a little time to figure out the best solution.

Thanks for your thoughts,
Lonnie

From: Dr. P. V. <pv...@uo...> - 2020-02-11 15:39:00

Hi Lonnie,

I appreciate your answer. Maybe you can take into account giving an attached gpg signature file as well - either per ISO or for a single sha256sum file holding all checksums of all provided ISO images.

Regards,
Peter

On Tue, 11 Feb 2020 09:26:51 -0600 Lonnie Abelbeck <li...@lo...> wrote:

> > On Feb 10, 2020, at 4:34 PM, Dr. Peter Voigt <pv...@uo...> wrote:
> >
> > Maybe I am looking in the wrong direction, but where can I find
> > checksums (SHA2) or digital signatures for the provided ISO images
> > like e.g. under
> >
> > https://s3.amazonaws.com/mirror.astlinux-project/downloads/iso/astlinux-1.3.7.1-genx86_64-serial.iso
>
> Hi Peter,
>
> The .iso installer does do a SHA1 integrity check for any image it
> installs, but you make a good point that we should have a SHA256 hash
> for the .iso somewhere.
>
> Ideally not located alongside the actual .iso.
>
> Give us a little time to figure out the best solution.
>
> Thanks for your thoughts,
> Lonnie
>
> _______________________________________________
> Astlinux-users mailing list
> Ast...@li...
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to
> pa...@kr....

From: Lonnie A. <li...@lo...> - 2020-02-11 15:59:51

Hi Peter,

What are your thoughts of hovering over "Download Install ISO" and display

-- sha256 41286b6ed99d6094b97e15b15eb353e929800b62db420ba2c9fe5df37cd89ad4 --

or is that too tedious to use?

Lonnie

> On Feb 11, 2020, at 9:38 AM, Dr. Peter Voigt <pv...@uo...> wrote:
>
> Hi Lonnie,
>
> I appreciate your answer. Maybe you can take into account giving an
> attached gpg signature file as well - either per ISO or for a single
> sha256sum file holding all checksums of all provided ISO images.
>
> Regards,
> Peter
>
> On Tue, 11 Feb 2020 09:26:51 -0600
> Lonnie Abelbeck <li...@lo...> wrote:
>
>>> On Feb 10, 2020, at 4:34 PM, Dr. Peter Voigt <pv...@uo...> wrote:
>>>
>>> Maybe I am looking in the wrong direction, but where can I find
>>> checksums (SHA2) or digital signatures for the provided ISO images
>>> like e.g. under
>>>
>>> https://s3.amazonaws.com/mirror.astlinux-project/downloads/iso/astlinux-1.3.7.1-genx86_64-serial.iso
>>
>> Hi Peter,
>>
>> The .iso installer does do a SHA1 integrity check for any image it
>> installs, but you make a good point that we should have a SHA256 hash
>> for the .iso somewhere.
>>
>> Ideally not located alongside the actual .iso.
>>
>> Give us a little time to figure out the best solution.
>>
>> Thanks for your thoughts,
>> Lonnie

From: Lonnie A. <li...@lo...> - 2020-02-15 17:05:49

> On Feb 10, 2020, at 4:34 PM, Dr. Peter Voigt <pv...@uo...> wrote:
>
> Maybe I am looking in the wrong direction, but where can I find
> checksums (SHA2) or digital signatures for the provided ISO images

Hi Peter,

The AstLinux Project web page now shows SHA256 hashes for the ISOs (using a little javascript).

https://www.astlinux-project.org/

Or, you can retrieve a single file containing all the hashes ...

https://www.astlinux-project.org/iso.sha256.txt

Note this "iso.sha256.txt" file is not located on the same server as the actual .iso files, but rather on our GitHub web page.

Over time, if you need to view the SHA256 for an old .iso file, you can view the commit history of the iso.sha256.txt file ...

https://github.com/astlinux-project/astlinux-project.github.io/commits/master/iso.sha256.txt

Thanks for the suggestion, Peter.

Lonnie

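As an added example (not part of the thread and not AstLinux project code), this is one way to check a downloaded ISO against a hash list fetched separately from the image, as the message above describes. It assumes the list uses the GNU `sha256sum` line layout, which the thread does not confirm; the function names and the sample file are constructed for illustration.

```python
import hashlib
import hmac
import os
import re

# Assumed manifest layout (GNU sha256sum style): "<64 hex>  <name>" or "<64 hex> *<name>".
_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")

def parse_manifest(text):
    """Return {file name: lowercase digest}; reject malformed or conflicting lines."""
    entries = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"line {n}: not a sha256sum entry")
        digest, name = m.group(1).lower(), os.path.basename(m.group(2))
        if entries.setdefault(name, digest) != digest:
            raise ValueError(f"line {n}: conflicting digests for {name}")
    return entries

def sha256_file(path, chunk=1 << 20):
    """Hash the file in chunks so a large ISO is never read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_iso(iso_path, manifest_text):
    """True only if the manifest lists this file name and the digests match."""
    expected = parse_manifest(manifest_text).get(os.path.basename(iso_path))
    if expected is None:
        return False  # fail closed: an unlisted image is treated as unverified
    return hmac.compare_digest(sha256_file(iso_path), expected)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # constructed stand-in for a downloaded ISO
        iso = os.path.join(d, "example.iso")
        with open(iso, "wb") as f:
            f.write(b"constructed sample image")
        manifest = f"{sha256_file(iso)}  example.iso\n"
        print(verify_iso(iso, manifest), verify_iso(iso, "0" * 64 + "  example.iso\n"))
```

The check is only as trustworthy as the channel the hash list came over, which is why the list is fetched from a different server than the ISO.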
From: Dr. P. V. <pv...@uo...> - 2020-02-15 19:06:02

Hi Lonnie,

great job, thanks a lot. This is an important step towards more security.

Did you think about providing additionally a detached GnuPG signature file for iso.sha256.txt as iso.sha256.txt.asc as well?

Peter

On Sat, 15 Feb 2020 11:05:39 -0600 Lonnie Abelbeck <li...@lo...> wrote:

> > On Feb 10, 2020, at 4:34 PM, Dr. Peter Voigt <pv...@uo...> wrote:
> >
> > Maybe I am looking in the wrong direction, but where can I find
> > checksums (SHA2) or digital signatures for the provided ISO images
>
> Hi Peter,
>
> The AstLinux Project web page now shows SHA256 hashes for the ISOs
> (using a little javascript).
>
> https://www.astlinux-project.org/
>
> Or, you can retrieve a single file containing all the hashes ...
>
> https://www.astlinux-project.org/iso.sha256.txt
>
> Note this "iso.sha256.txt" file is not located on the same server as
> the actual .iso files, but rather on our GitHub web page.
>
> Over time, if you need to view the SHA256 for an old .iso file, you
> can view the commit history of the iso.sha256.txt file ...
>
> https://github.com/astlinux-project/astlinux-project.github.io/commits/master/iso.sha256.txt
>
> Thanks for the suggestion, Peter.
>
> Lonnie

From: Lonnie A. <li...@lo...> - 2020-02-15 19:48:33

Peter,

> Did you think about providing additionally a detached GnuPG signature

Just a SHA256 for now.

Lonnie

> On Feb 15, 2020, at 1:05 PM, Dr. Peter Voigt <pv...@uo...> wrote:
>
> Hi Lonnie,
>
> great job, thanks a lot. This is an important step towards more
> security.
>
> Did you think about providing additionally a detached GnuPG signature
> file for iso.sha256.txt as iso.sha256.txt.asc as well?
>
> Peter
>
> On Sat, 15 Feb 2020 11:05:39 -0600
> Lonnie Abelbeck <li...@lo...> wrote:
>
>>> On Feb 10, 2020, at 4:34 PM, Dr. Peter Voigt <pv...@uo...> wrote:
>>>
>>> Maybe I am looking in the wrong direction, but where can I find
>>> checksums (SHA2) or digital signatures for the provided ISO images
>>
>> Hi Peter,
>>
>> The AstLinux Project web page now shows SHA256 hashes for the ISOs
>> (using a little javascript).
>>
>> https://www.astlinux-project.org/
>>
>> Or, you can retrieve a single file containing all the hashes ...
>>
>> https://www.astlinux-project.org/iso.sha256.txt
>>
>> Note this "iso.sha256.txt" file is not located on the same server as
>> the actual .iso files, but rather on our GitHub web page.
>>
>> Over time, if you need to view the SHA256 for an old .iso file, you
>> can view the commit history of the iso.sha256.txt file ...
>>
>> https://github.com/astlinux-project/astlinux-project.github.io/commits/master/iso.sha256.txt
>>
>> Thanks for the suggestion, Peter.
>>
>> Lonnie