Re: How to verify install iso?

[Scott Ferguson <scott.ferguson.debian.user@gmail.com>]

On 13/12/13 12:41, Ralf Mardorf wrote:
> On Fri, 2013-12-13 at 12:27 +1100, Scott Ferguson wrote:
>> - you can also use the installer to self-check.
> 
> If it's compromised a self-check could be done compared with what ever
> source.

I don't understand what you are trying to say.

> 
>> I'm guessing you should read the FAQ (link is top-right of that page
>> [*2]) if that's over your head.
> 
> There's no explanation where the checksum files can be found. The iso
> does include a md5sum.txt and nothing else. There simply is no file for
> comparison.

Huh?  You can download the key from the same location as you download
the iso. *Or* you can use the one on the iso:-
$ ls -x
autorun.inf       [BOOT]               css                 dists
  doc         firmware   g2ldr
g2ldr.mbr         install              install.386         isolinux
  *md5sum.txt*  pics       pool
README.html       README.mirrors.html  README.mirrors.txt  README.source
 README.txt  setup.exe  tools
win32-loader.ini

(emphasis mine)

> 
>> Paragraph 3: Check the appropriate signature.Here's a list of keys that
>> have been used, the same ones are in the debian keyring package.
> 
> Keys for what?

Signing the image (context Ralph, context).

 For a MD5SSUMS.sign file? The iso doesn't include such a
> file. I at least can't find it.


I'd suggest you *read* the references I posted, then if you've still got
questions... :)

You may also find the man files for the three sum checking tools I
posted informative.


> 
> Regards,
> Ralf
> 
> 


Kind regards