On 2012-02-29 01:13, Nico Kadel-Garcia wrote: > This just came up in the Scientific Linux mailing list. While checksums are > useful, they're not helpful if both the checksum and the file itself are > corrupted. Someone (namely me!) also pointed out the possibility of > manipulating the FTP or HTTP transmission en route, and I pointed out the > risk of a Trojan infested mirror, Bittorrent, or other popular network > access source. It's why I'm happy to use Bittorrent to get ISO's in a > speedy fashion, but *ALWAYS* check the checksums against the original > source when download is complete.
I had never though of this. Using torrents for the file itself, and HTTP for the checksum seems to be quite secure (at least compared to the alternatives). Especially if the torrent file have hundeds of seeders. -- Hugo Osvaldo Barrera
