[Devil-Linux-discuss] Checksums ?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi.

I subscribed to this list merely to send an email.  It would be nice if
there were a way (a single address) to send email to.  Perhaps 'faq' :-).

I don't see any way to verify the ISO images.  So, there seems to be no
way to prevent someone setting up a mirror site with a hacked ISO image.
Remember DNS is not secure so it would be possible to trick someone into
downloading the altered image.  All this work does nothing if someone
hacks the original site (apache.com was broken into recently :).

It would be convenient to provide both md5 sums (or equivalent) and a PGP
sig ... md5 is becoming rather old (poke around on counterpane.com if
you're interested) but the md5sum binary is generally available on most
distributions.

Thanks,

--GH.