On Sat, 28 Jul 2001, Marcus Brinkmann wrote: > In contrast, if the md5sums are stored in the package on CD, verification > is easy: You just need to boot from the (trusted) CD, and kick off the > comparison with the CD content. It is easier to trust a list of checksums > mirrored world wide and verified by many users than to trust a list > which is generated by the system you want to verify.
Boot from said trusted CD, run said trusted dpkg, to calculate the md5sums of the files.
