Re: Verifying authenticity of Debian CDs
[ I often skim the debian-user list, but when I'm away on vacation or
at a conference I'll miss things unless I'm directly CC:ed ]
Thomas wrote:
>Hi,
>
>Chris XX wrote:
>> I was trying to Verify the authenticity of Debian CDs on your website, but I
>> don't see instructions that will guide me through the process
>> (step-by-step).
>
>(We are the users. But some Debian Developers are watching, too.)
>
>Obviously there is a gap between checksum file verification and .iso image
>verification.
>
>Let's first look at the files offered for download:
> https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/
>has among others
...
> ...
> Found:
>0b0a75b8a0c8dc05a4b43273e44d7b5e3b0ecec6d9b4e1c88a95d9c886cba5ae0dbeb4b7a5a3016106096a9071572b9a3d8b54dd91a50abce15f713fa22ff229
> Expected:
>cc4a6bd50925c1c4af98049060e304494bc9da61eb5eb272c556d67608de14d4e6a4b8bc1c9412a0f810083912e228569f3771ffffa7174538f3e26f45a05245
> MISMATCH: 'debian-9.8.0-amd64-netinst.iso' checksum differs from 'debian-9.8.0-amd64-netinst.iso' in 'SHA512SUMS'
>
>So you know that the checksumers really detect nearly all damages of
>debian-9.8.0-amd64-netinst.iso.
>
>--------------------------------------------------------------------------
>
>@ Steve McIntyre (maintainer of debian-cd):
>
>Do you agree with the instructions above ?
Yes, that's a very clear description. Thanks!
>Is there a consolidated wiki page with such instructions which i failed
>to find ? If not: shall we make such a page ?
I'm working with the web team to update our web pages for image
download, and part of that will include a much clearer set of
verification instructions. If you're happy for me to borrow your text
above, I think it's a good start!
--
Steve McIntyre, Cambridge, UK. steve@einval.com
Armed with "Valor": "Centurion" represents quality of Discipline,
Honor, Integrity and Loyalty. Now you don't have to be a Caesar to
concord the digital world while feeling safe and proud.
Reply to: