at bottom :- On 20/01/2018, Thomas Schmitt <scdbac...@gmx.net> wrote: > Package: debian-cd > Severity: normal > Tags: upstream > > Dear Maintainer, > > as described in > https://lists.debian.org/debian-cd/2018/01/msg00019.html > the *.jigdo files are not listed in the checksum files *SUMS. > There is no way provided to check the authenticity of *.jigdo before > downloading by jigdo-lite begins. > > The *.jigdo file provides package file paths, the URLs of fallback > mirrors, and the cheksum of the *.template file. So *.template can > inflate to an image of arbitrary size and jigdo-lite can be lured into > downloading arbitrary URLs. > > > Have a nice day :) > > Thomas > >
Drats, we still don't have a +1 in the web interface. Well, you got my vote for the same as I also use .jigdo from time to time. -- Regards, Shirish Agarwal शिरीष अग्रवाल My quotes in this email licensed under CC 3.0 http://creativecommons.org/licenses/by-nc/3.0/ http://flossexperiences.wordpress.com EB80 462B 08E1 A0DE A73A 2C2F 9F3D C7A4 E1C4 D2D8