On Thu, 26 Apr 2001, Vincent Danen wrote:
> I've been asked to post something regarding verifying md5sums for
> downloaded ISOs, so here goes.
...
> files: Mandrake80-ext.iso, Mandrake80-inst.iso, and md5sums.
> Make sure all three files are in the same directory and then excute:
> md5sum -c md5sums
Is this paranoid enough? This will show if someone changed the ISO and
not the checksum file (or vice versa), but how likely is that? Anyone who
is able to change the ISO on a given server is also able to change the
checksum file. It will, of course, spot random download corruption, but
this is less of an issue than it was back in the day.
In order for the md5sums to provide any assurance that this is the file
released by mandrakesoft, the sum file and the iso files should come from
different places. Getting them from different mirrors will assure you
that there's nothing odd with just one mirror operator (though they could
both be compromised, it's much less likely). If checksums are included in
an e-mail announcement from the developer, that's even better.
--
Mark Rafn [EMAIL PROTECTED] <http://www.dagon.net/>
