[nSLUG] md5 checksum

Robert Ashley rb.ashley at gmail.com
Mon Jan 15 13:17:32 AST 2007


Thanks for the advice, Dop. Hope you're doing well.

I confess that my motive for this checksumming stuff is a run of bad
luck with cd-rom/installation failures. Correlation probably weak, I
know. But why, just yesterday, I bought a magazine, 'Linux Pro' with
an Unbuntu 6.10 cd insert. Drastically dastard thing wouldn't even
mount in the drive.

It reminds of buying strings of christmas lights many years ago.
Practically guaranteed that a good percentage of the bulbs were duds.

I guess I was more concerned about the integrity or correctness of the
downloaded file than it's authenticity. I suspect here, though, there
maybe *IS* a correlation between these concerns?

Yeah, I'm looking forward to the Dal installfest.

Bob


On 1/15/07, Dop Ganger <nslug at fop.ns.ca> wrote:
> On Mon, 15 Jan 2007, Robert Ashley wrote:
>
> > I downloaded an ubuntu 6.10 iso file from an American mirror site. In
> > Windows I also downloaded a utility-->
> > Advanced CheckSum Verifier (ACSV) v1.5.0
> >
> > The way I read the instructions, I should have got/seen/dl'd a
> > checksum file from the ubuntu iso download site.
> >
> > Is it true that I can only verify checksum by having the checksum file
> > from the original dl site?
>
> No, you should be able to get the md5sum file from any of the mirror
> sites.
>
> > Otherwise, what am I verifying?
>
> You're verifying that what was downloaded and saved to your hard drive is
> the same as what you downloaded from the site - ie, making sure the image
> was not corrupted during the download. If (and I think this is the
> question you're really asking) you want to make sure it's an authentic iso
> as released by Ubuntu, you will need to get the gpg file and use that with
> gpg to check the md5sum file you downloaded was authentically signed,
> which you can then be reasonably sure (modulo md5sum collisions) what you
> downloaded is an authentic Ubuntu iso. Then to be *really* sure you'll
> need to get yourself on a chain of trust which will involve going to a
> keysigning party - I imagine there will be some keysigning going on at the
> Dal installfest at the end of the month, if you're really that worried
> about it.
>
> Cheers... Dop.
>
>
>
> _______________________________________________
> nSLUG mailing list
> nSLUG at nslug.ns.ca
> http://nslug.ns.ca/cgi-bin/mailman/listinfo/nslug
>
> 
>
>

!DSPAM:45abe7d167141381118685!




More information about the nSLUG mailing list