[sf-lug] (forw) Re: How to check distro checksums and signatures
Daniel Gimpelevich
daniel at gimpelevich.san-francisco.ca.us
Sun Feb 21 18:45:50 PST 2016
On Sun, 2016-02-21 at 18:37 -0800, Rick Moen wrote:
> ----- Forwarded message from Bobbie Sellers
> <bliss-sf4ever at dslextreme.com> -----
>
> Date: Sun, 21 Feb 2016 18:29:06 -0800
> From: Bobbie Sellers <bliss-sf4ever at dslextreme.com>
> To: Rick Moen <rick at linuxmafia.com>
> Subject: Re: [sf-lug] How to check distro checksums and signatures
>
[snip]
> However in the Linux Mint instance the checksums of the forged
> disks were also hacked so that when you thought you were getting
> the data from the Mint site you were getting it from the forged site.
That's what signatures are for. If you have a checksum signed with a key
validated by your web of trust, you know that checksum is not hacked.
More information about the sf-lug
mailing list