I'm glad someone else asked about this. :-)
I ran this last night before install, I didn't get errors or warnings, but
the numbers (output) didn't match. I typed: /usr/bin/md5sum *
in the directory where I downloaded them and got three long numbers for the
files (inst-iso, ext-iso, md5sum). How do you know if it's right? What am I
looking for? The install didn't go perfect, several of the packages/apps I
selected couldn't be installed.
-s
On Sunday 22 April 2001 02:53 pm, you wrote:
> Dwight,
>
> I don't think anyone else responded, so I'll take a stab at it.
>
> Are you concerned about whether the file containing the md5sums is
> authentic, or about whether the md5sum of the iso you downloaded is
> correct (matches the md5sum in the text file you are talking about)?
>
> The second is simpler to discuss, assuming the first is true.
>
> Just run the md5sum command (executable) on the downloaded iso. If the
> md5sum calculated by the md5sum executable matches the md5sum in the
> text file you are talking about, then you have reasonable assurance that
> your download has been error free.
>
> If, somehow, someone replaced the "authentic" md5sums with some bogus
> md5sums, (and the iso with a bogus iso), you (and many others) probably
> have a problem.
>
> I'm sure that could happen, but I haven't worried about it so far. Are
> you downloading from a well-known / reliable mirror? If so, I wouldn't
> worry too much about the possibility of someone having replaced the
> file. Some people who publish isos use a program like PGP to "sign" the
> files containing the md5sums (or the isos?) to guarantee authenticity.
> (I'd tell you more about PGP, but I've never actually used it.)
>
> Although the md5sum can be used to provide security against someone
> having replaced the iso with a bogus iso, the bigger purpose of the
> md5sum (in this case) is to provide a confirmation that your download
> has been error free (I say, donning my asbestos longjohns).
>
> Hope this helps,
> Randy Kramer
>
> Dwight wrote:
> > Ok, this file appears to be a text file, and it says it is sums for ISO's
> > to ensure they are all correct. The only problem is I haven't been able
> > to find out how you test it to verify this string. Anyone got that info?
> >
> > Take Care, Dwight
> >
> > Daynotes, Columns, Tips, message boards, we try to give you it as much as
> > we can. http://www.geekworld.ca/personal/
> >
> > Public Key is http://www.geekworld.ca/Keys/DwightWallbridge.asc
