Hi, due to popular resistence i created a new wiki page https://wiki.debian.org/VerifyISOImage with the content which i would propose to https://www.debian.org/CD/faq/#verify
Regrettably i was unable to mimick the bullet list paragraphs of the FAQ, so that i had to change the text for a more unstructured presentation. (This does not have to be a disadvantage. But now i have two versions which i need to maintain until a decision is made at debian-cd.) Interested people are invited to proof-read it, but please make only cosmetic changes and discuss any substantial change with me in advance. Technical correctness and portability beyond the currently supported releases of Debian are important to me. Now for the restistence: Max Nikulin wrote: > Do not try to cover everything exhaustively from the beginning. Just move > the section from XorrisoDdTarget as a starting point. Naw. That would be botch. I want the real stuff. :)) > I think, <https://www.debian.org/doc/>, <https://www.debian.org/CD>, > and wiki articles should have mutual cross-links and wiki pages should > be most detailed documents. Now there is something to link to. But i would like to discuss the official status of script check_debian_iso with debian-cd before asking for links from the official Debian pages. (See the ugly ">>> TODO" paragraph in the new page.) Franco Martelli wrote: > The commandline I use it's: > ~$ sha512sum --ignore-missing -c SHA512SUMS > > no need to use "grep", since the "sha512sum" command looks for in the > current working directory the files listed in SHA512SUMS and it calculates > the checksum automatically. Problem is that --ignore-missing is a younger option of sha512sum. I know that it does not work on Debian 8 and wonder when exactly it was introduced. It is not mentioned in https://tracker.debian.org/media/packages/c/coreutils/changelog-9.4-3.1 and https://codesearch.debian.net/search?q=package%3Acoreutils+ignore-missing drowns me in translation files. I really really hate i18n. So i stay with the "grep -F" method and would offer resistence myself to attempts to exclude users of old GNU/Linuxes. :)) > Is it really necessary to verify the data written on the device? > Wouldn't it be better to focuses on verify correctness and authenticity > of a downloaded ISO? Wouldn't that be enough? In which circumstances is > it necessary? It is mentioned in the CD FAQ of which the new page shall be a superset. Lee and Hans reported use cases for verifying on storage medium. Lee allowed MS-Windows to touch the USB stick: https://lists.debian.org/debian-user/2024/09/msg00027.html This case has an own section in the new wiki page. Hans has a collection of unreliable USB sticks which give him the impression that FAT, and only FAT, works on them. https://lists.debian.org/debian-user/2024/09/msg00059.html This impression is quite surely not the whole story on his hardware. A reliable verification after apparent success seems advisable. Have a nice day :) Thomas
