On 17/01/2024 15:28, Andrew M.A. Cater wrote:
On Tue, Jan 16, 2024 at 10:31:40PM +0000, Jeff Jennings wrote:
Recently, I decided to download Debian 12.4 and was alarmed to notice
that Debian 12 downloads are no longer through https connections.
[...]
That's served via https from cdimage.debian.org.
All the downloads linked off Other downloads are also https links.
Debian images are available from a number of mirrors. What actually
should be checked is sha512sum of downloaded images and GPG signature of
the file with checksums (SHA512SUMS.sign). It makes HTTP (or BitTorrent,
etc.) downloads secure as long as GPG public keys (proper ones) are
obtained from a trusted source.
https://www.debian.org/CD/verify
Verifying authenticity of Debian images
https://www.debian.org/releases/bookworm/amd64/ch04s07.html
4.7. Verifying the integrity of installation files
in Debian GNU/Linux Installation Guide
https://www.debian.org/CD/faq/index.en.html#verify
How can I verify the downloaded ISO images and written optical media?
P.S. Actually I missed a list of commands like
https://ubuntu-mate.org/faq/verify-download-secure/#steps
