ikidd@lemmy.world to Linux@lemmy.mlEnglish · 9 months agoThe Secret Maze of Debian Imagesblog.fai-project.orgexternal-linkmessage-square3linkfedilinkarrow-up120arrow-down12file-text
arrow-up118arrow-down1external-linkThe Secret Maze of Debian Imagesblog.fai-project.orgikidd@lemmy.world to Linux@lemmy.mlEnglish · 9 months agomessage-square3linkfedilinkfile-text
minus-squareReallyZen@lemmy.mllinkfedilinkarrow-up10arrow-down1·9 months ago “You can ignore the SHA... files if you do not know what they are needed for. They are not important for you.” …That’s where I stopped reading this.
minus-squaregomp@lemmy.mllinkfedilinkarrow-up7·9 months agoI stopped at “secret” (yes, the occurrence in the title) :) TBH the checksums are pretty useless for humans who download an .iso and install it… they are mainly for mirrors and similar that download files without using them
minus-square𝘋𝘪𝘳𝘬@lemmy.mllinkfedilinkarrow-up6·9 months agoAlso: If someone manages to tamper with the downloadable ISO … they likely will be able to tamper with the signature files, too.
…That’s where I stopped reading this.
I stopped at “secret” (yes, the occurrence in the title) :)
TBH the checksums are pretty useless for humans who download an .iso and install it… they are mainly for mirrors and similar that download files without using them
Also: If someone manages to tamper with the downloadable ISO … they likely will be able to tamper with the signature files, too.