[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Patch for Debian CD FAQ: verifying ISOs

On Fri, 2009-05-15 at 01:37 +0200, Frans Pop wrote:
> Frank Lin PIAT wrote:
> > I have attached a patch to improve Debian CD FAQ regarding the section
> > "How can I verify that the downloaded CD images are correct?"
> 
> It's probably a good idea to CC debian-cd on this. They are the de-facto 
> maintainer of the FAQ and not all d-cd team members may be subscribed to 
> d-www.

[[ I should have CC'ed debian-cd the first time, so here it is... ]]

Hello,

I have attached a patch to improve Debian CD FAQ regarding the section
"How can I verify that the downloaded CD images are correct?"

Changes:
1. MD5SUMS is now deprecated, so we should document SHA1 instead 
   (and move to SHA256 when ready)
2. Drop the paragraph about checkiso, since the checksum wasn't updated
   since Sarge 3.1r5 (and because I could find any complaint in the ml)
3. For windows users, document using GnuPg's sha1sum and gnupg
   (because it is much more simpler and lighter to install, compared to 
   MingW32 and Cygwin. It's also less intrusive.)
4. Move the Windows paragraph to the bottom, for clarity.

As always, feedback is welcome.

Franklin

--- CD/faq/index.wml-orig	2009-05-14 19:58:38.000000000 +0200
+++ CD/faq/index.wml	2009-05-14 22:05:28.000000000 +0200
@@ -448,30 +448,27 @@
 <toc-add-entry name="verify">How can I verify that the downloaded
 CD images are correct?</toc-add-entry>
 
-<p>If you use <a href="../jigdo-cd/">jigdo</a>, the image checksum is
-automatically verified after the image has been generated. For HTTP or
-FTP downloads, use the <tt>md5sum</tt> utility to calculate the
-checksums of the files you downloaded, then compare them to the
-checksums in the <tt>MD5SUMS</tt> files which are distributed alongside
-the <a href="http://cdimage.debian.org/debian-cd/";>jigdo
-files of official releases</a>.</p>
-
-<p>An <tt>md5sum</tt> program for Windows systems is available
-as part of the <a href="http://www.cygwin.com";>Cygwin suite</a>
-(install the "coreutils" package), or you may be able to find standalone
-binaries compiled for <a href="http://www.mingw.org/";>MinGW</a>.</p>
+<p>Use the <tt>sha1sum</tt> utility to calculate the checksums of
+the files you downloaded, then compare them to the checksums in the
+<tt>SHA1SUMS</tt> files which are distributed alongside the 
+<a href="http://cdimage.debian.org/debian-cd/";>jigdo files of 
+official releases</a>.</p>
 
 <p>To ensure that the images were not only downloaded correctly, but
 are indeed official images, you also have to verify the GnuPG
-signature on the <tt>MD5SUMS</tt> files using the <a
+signature on the <tt>SHA1SUMS</tt> files using the <a
 href="http://keyring.debian.org";>Debian GPG keyring</a>. CD
 vendors are encouraged to do this.</p>
 
-<p>If you want to check many CD image files or burned CDs easily
-on Unix/Linux systems, the
-<a href="http://fly.cnuce.cnr.it/software/#checkiso";>checkiso</a>
-#<a href="ftp://fly.cnuce.cnr.it/pub/software/unix/checkiso";>checkiso</a>
-script can be a great help.</p>
+<p>The programs <tt>sha1sum</tt> and <tt>gpg</tt> for Windows
+systems are availables from <a href="ftp://ftp.gnupg.org/gcrypt/binary/";>
+GnuPG</a> (<tt>sha1sum.exe</tt> and <tt>gnupg-w32cli-....exe</tt>)</p>
+
+## This script is outdated since Etch (and no complaints for 2 years).
+#<p>If you want to check many CD image files or burned CDs easily
+#on Unix/Linux systems, the
+#<a href="http://fly.cnuce.cnr.it/software/#checkiso";>checkiso</a>
+#script can be a great help.</p>
 
 <gototop>
 # ============================================================
Reply to: