Re: Verifying Purchased DVDs
On Tue, Sep 03, 2013 at 10:42:03AM -0500, Chuck Rhode wrote:
>I'm sure it's clear to you where I should direct my query. It's not
>clear to me.
Ideally to the debian-cd or debian-user mailing list, but debian-www
is good enough as I can answer your questions. I'm the guy who makes
the CD and DVD images for Debian.
>I want to verify the authenticity of a shiny new set of three Wheezy
>installation DVDs that I purchased from an authorized publisher. So
>far I'm not able to.
>I expected to be able to upgrade from Squeeze instantaneously. It
>took a couple of weeks to get the DVDs. The checksums on the media
>are self consistent with the media, so the media is in good condition,
>but still I need to confirm the validity of the checksums themselves
>from an independent source such as debian.org. I have a letter in
>transit to the publisher addressing the question that I am addressing
>to you now.
>... BUT FIRST:
>http://cdimage.debian.org/debian-cd/7.1.0/i386/iso-dvd/MD5SUMS is not
>plain text. Shouldn't it be? Neither are SHA1SUMS and SHA256SUMS,
>but SHA512SUMS is text. I'm confused.
They all look like plain text to me. Is your browser doing something
>Checksums for 7.0.0 (the version of my disks) are no longer available
>if they ever were. According to posters on http://forums.debian.net,
>they still appear on perhaps out-of-date mirrors in Russia and
>Indonesia. It seems a bit dodgy to me to try to verify checksums that
>are not generally available on most of the authorized mirrors.
Once we release a new version, we move the older images, checksums
etc. into the archive section of the cdimage site. We keep things
around for a long time, but our mirrors are not going to have the
space for them all and most tend to only keep the most recent images
around. In your case, you should be looking at
for the checksums files you need, and the PGP signatures to verify
>... AND FINALLY:
>The visible labels on my disks are 1, 2, and 3. The machine labels
>are 1, 2, and 4. The Russian site at
>ftp.psn.ru/debian-cd/7.0.0/i386/iso-dvd offers checksum files MD5SUMS,
>SHA1SUMS, SHA256SUMS, and SHA512SUMS for 7.0.0 that are text along
>with ISO images for disks 1 through 10, which are apparently for CDs,
They look like images for DVDs as far as I can see. What makes you
think they're for CDs?
>Can you think of any reason why the publisher would ship DVD 4
>instead of DVD 3?
Sorry, no idea. Sounds like a simple mistake to me, you'll have to ask
>... SO THERE!
>Can you help? Can you direct me to an up-to-date source of authorized
>checksums for DVD ISO images from 7.0.0?
See above. Shout if you have any more questions, I'll do what I can to
Steve McIntyre, Cambridge, UK. firstname.lastname@example.org
Can't keep my eyes from the circling sky,
Tongue-tied & twisted, Just an earth-bound misfit, I...