Date: 20 Jan 2003 09:55:56 -0800 From: swear@attbi.com (Gary W. Swearingen) To: Udo Erdelhoff <ue@nathan.ruhr.de> Cc: freebsd-doc@freebsd.org, freebsd-security@freebsd.org Subject: Re: Putting MD5 checksums on the web site Message-ID: <mrd6mrr9hv.6mr@localhost.localdomain> In-Reply-To: <20030120065252.GB173@nathan.ruhr.de> References: <20030120065252.GB173@nathan.ruhr.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Udo Erdelhoff <ue@nathan.ruhr.de> writes: > Hi, > some time ago, Bruce added the MD5 checksums for the 4.7 ISOs to > the release notes website (www/en/releases/4.7R/CHECKSUM-i386.MD5 > in the CVS repository). I think this is a good idea that should > be repeated for 5.0. I could assemble the file easily enough from > the various CHECKSUM.MD5 files for the different platforms by > sampling the mirrors. I was about to say GREAT IDEA, because my practice has been to get an ISO from one mirror and its MD5 from a different mirror. It would be even better to get the MD5s from a real, non-mirror freebsd.org server, if there is such a beast. But the extra security step could be rendered worthless if you happen to get the "official" MD5 from the same mirror I get my ISO from (so they could both be tampered versions), as I infer from the last quoted line. I hope I've misunderstood something. The PGP thing might eliminate this worry for the few who have taken the time to learn and configure PGP tools, but it would be good to consider the many more of us who haven't (and won't). To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?mrd6mrr9hv.6mr>