From: Guy H. <gwh...@eo...> - 2001-12-28 16:25:35
|
Hi. I subscribed to this list merely to send an email. It would be nice if there were a way (a single address) to send email to. Perhaps 'faq' :-). I don't see any way to verify the ISO images. So, there seems to be no way to prevent someone setting up a mirror site with a hacked ISO image. Remember DNS is not secure so it would be possible to trick someone into downloading the altered image. All this work does nothing if someone hacks the original site (apache.com was broken into recently :). It would be convenient to provide both md5 sums (or equivalent) and a PGP sig ... md5 is becoming rather old (poke around on counterpane.com if you're interested) but the md5sum binary is generally available on most distributions. Thanks, --GH. |