Hi,
john doe wrote:
> http://cdimage.debian.org/debian-cd/current/amd64/jigdo-cd/debian-10.3.0-amd
64-netinst.jigdo
> "OK: MD5 Checksums match, image is good!
> WARNING: MD5 is not considered a secure hash!
> WARNING: It is recommended to verify your image in other ways too!"
> What are those other ways (2)?
> 2) https://www.debian.org/CD/verify
Yes.
More schematically put:
- Download
http://cdimage.debian.org/debian-cd/current/amd64/jigdo-cd/SHA256SUMS
http://cdimage.debian.org/debian-cd/current/amd64/jigdo-cd/SHA256SUMS.sign
- Verify SHA256SUMS by SHA256SUMS.sign by program gpg.
Check carefully whether the reported "key fingerprint" matches one of
those listed at
https://www.debian.org/CD/verify
Key fingerprint = 1046 0DAD 7616 5AD8 1FBC 0CE9 9880 21A9 64E6 EA7D
Key fingerprint = DF9B 9C49 EAA9 2984 3258 9D76 DA87 E80D 6294 BE9B
Key fingerprint = F41D 3034 2F35 4669 5F65 C669 4246 8F40 09EA 8AC3
- Download
http://cdimage.debian.org/debian-cd/current/amd64/jigdo-cd/debian-10.3.0-amd64-netinst.jigdo
http://cdimage.debian.org/debian-cd/current/amd64/jigdo-cd/debian-10.3.0-amd64-netinst.template
- Checksum debian-10.3.0-amd64-netinst.jigdo and
debian-10.3.0-amd64-netinst.template by program sha256sum.
- Lookup checksums in SHA256SUMS:
965ea504e68e4aaf64c04cbb382fb344acb8dc0b4a2c4005f140e4dffffc7230
debian-10.3.0-amd64-netinst.jigdo
8d4880a5c9937680fc429c6656cf508397792fabdedc5e1a0942d7045f1c60ce
debian-10.3.0-amd64-netinst.template
- Download checksum debian-10.3.0-amd64-netinst.iso by
debian-10.3.0-amd64-netinst.jigdo and debian-10.3.0-amd64-netinst.template
and program jigdo-lite.
- Checksum downloaded debian-10.3.0-amd64-netinst.iso
- Lookup in SHA256SUMS:
6a901b5abe43d88b39d627e1339d15507cc38f980036b928f835e0f0e957d3d8
debian-10.3.0-amd64-netinst.iso
Have a nice day :)
Thomas
