Re: How to verify install iso?
On 13/12/13 12:41, Ralf Mardorf wrote:
> On Fri, 2013-12-13 at 12:27 +1100, Scott Ferguson wrote:
>> - you can also use the installer to self-check.
>
> If it's compromised a self-check could be done compared with what ever
> source.
I don't understand what you are trying to say.
>
>> I'm guessing you should read the FAQ (link is top-right of that page
>> [*2]) if that's over your head.
>
> There's no explanation where the checksum files can be found. The iso
> does include a md5sum.txt and nothing else. There simply is no file for
> comparison.
Huh? You can download the key from the same location as you download
the iso. *Or* you can use the one on the iso:-
$ ls -x
autorun.inf [BOOT] css dists
doc firmware g2ldr
g2ldr.mbr install install.386 isolinux
*md5sum.txt* pics pool
README.html README.mirrors.html README.mirrors.txt README.source
README.txt setup.exe tools
win32-loader.ini
(emphasis mine)
>
>> Paragraph 3: Check the appropriate signature.Here's a list of keys that
>> have been used, the same ones are in the debian keyring package.
>
> Keys for what?
Signing the image (context Ralph, context).
For a MD5SSUMS.sign file? The iso doesn't include such a
> file. I at least can't find it.
I'd suggest you *read* the references I posted, then if you've still got
questions... :)
You may also find the man files for the three sum checking tools I
posted informative.
>
> Regards,
> Ralf
>
>
Kind regards
Reply to: