On Seg, 03 Jan 2011, Naja Melan wrote:
Currently I'm installing fedora, because it seems that that is as good as it gets with https. Their site is very neat and informative in verifying their downloads, it all comes over certified https even extra tools like the liveusb-creator. This gives me at least a higher sense of trust than the current debian situation.
How much do you trust your USB drive? It could have a malicious controller that detects when the correct Fedora files are written to it, and replaces with hacked copies. And when you try to verify the copy, it detects this and returns the SHA1 (or any other checksum) of the original files.
-- The world is not octal despite DEC. Eduardo M KALINOWSKI eduardo@kalinowski.com.br