On Tue, Jun 15, 2010 at 9:39 AM, VIGNESH PRABHU <stove311...@gmail.com> wrote:
>
>
> On Tue, Jun 15, 2010 at 9:28 AM, Narendra Diwate <narendra.diw...@gmail.com>
> wrote:
>>>
>>> Not sure how that will help. If someone has been able to upload or put a
>>> compromised package on a site, he can also put an md5sum for it. When you are
>>> downloading from an untrusted place, everything there can be suspect.
>
> Well, Nigel was actually suggesting that you check the md5sum from the real
> source or from the main repository. The idea is that though it is advisable
> to download packages from the nearest mirror, it is always good to confirm that
> the package uploaded by the mirror is a genuine package.
>

But not all downloads will have mirrors; only popular ones will...

(With mirrors) Also, if someone compromised the main server and
changed the MD5 hash, then all mirrors will look forged...


> --
> Regards,
> Vignesh
> B. Tech in Computer Science
> National Institute Of Technology-Durgapur
>
> --
> ubuntu-in mailing list
> ubuntu-in@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-in