[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Should not .jigdo files be in SHA512SUMS ?


i looked into jigdo-file about the safety of the final jigdo-lite statement
  "OK: Checksums match, image is good!"

The message stems from
where i read

  MD5Sum md; // MD5Sum of image
  md.updateFromStream(*image, info->size(), readAmount, *optReporter);
  if (*image) {
    if (image->eof() && md == info->md5()) {
      optReporter->info(_("OK: Checksums match, image is good!"));
      return 0;

So probably jigdo-file has to learn other checksumming algorithms like
SHA512 in order to get sufficient safety against intentional manipulation.

Until then, it should not be that much affirmative in its message, but
rather tell that it's only tested by a (yet untrusted) MD5 and that the
usual verification procedure for downloaded ISOs is still needed.

Have a nice day :)


Reply to: