[ I often skim the debian-user list, but when I'm away on vacation or at a conference I'll miss things unless I'm directly CC:ed ]
Thomas wrote: >Hi, > >Chris XX wrote: >> I was trying to Verify the authenticity of Debian CDs on your website, but I >> don't see instructions that will guide me through the process >> (step-by-step). > >(We are the users. But some Debian Developers are watching, too.) > >Obviously there is a gap between checksum file verification and .iso image >verification. > >Let's first look at the files offered for download: > https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/ >has among others ... > ... > Found: >0b0a75b8a0c8dc05a4b43273e44d7b5e3b0ecec6d9b4e1c88a95d9c886cba5ae0dbeb4b7a5a3016106096a9071572b9a3d8b54dd91a50abce15f713fa22ff229 > Expected: >cc4a6bd50925c1c4af98049060e304494bc9da61eb5eb272c556d67608de14d4e6a4b8bc1c9412a0f810083912e228569f3771ffffa7174538f3e26f45a05245 > MISMATCH: 'debian-9.8.0-amd64-netinst.iso' checksum differs from > 'debian-9.8.0-amd64-netinst.iso' in 'SHA512SUMS' > >So you know that the checksumers really detect nearly all damages of >debian-9.8.0-amd64-netinst.iso. > >-------------------------------------------------------------------------- > >@ Steve McIntyre (maintainer of debian-cd): > >Do you agree with the instructions above ? Yes, that's a very clear description. Thanks! >Is there a consolidated wiki page with such instructions which i failed >to find ? If not: shall we make such a page ? I'm working with the web team to update our web pages for image download, and part of that will include a much clearer set of verification instructions. If you're happy for me to borrow your text above, I think it's a good start! -- Steve McIntyre, Cambridge, UK. st...@einval.com Armed with "Valor": "Centurion" represents quality of Discipline, Honor, Integrity and Loyalty. Now you don't have to be a Caesar to concord the digital world while feeling safe and proud.