On 06/10/2009 05:48 PM, Kevin J. Cummings wrote: > Steve Searle wrote: >> I thought torrents were self checking, so does this mean their is an >> invalid iso image out there, and do I need to download it again? > > The torrents are self checking, but I'm not sure what they check > (md5sum, sha1sum, or sha256sum). That's why a CHECKSUM file is included > with the torrents. The bittorrent protocol checks that what you download isn't physically corrupted, nothing more. Hence, if someone relabels a hacked ISO file as Fedora-11-i386-DVD.iso, and it's downloaded via BT, you're guaranteed to get the exact same hacked ISO that was posted. If one wants to make sure that the contents actually came from Fedora Project, on the other hand, that requires checking that the sha256sum agrees with that in a CHECKSUM file with a good signature from Fedora Project (done using gpg --verify). Which torrent was this downloaded from? Normally, if the contents are bad, the comments will root it out pretty quickly.
Description: S/MIME Cryptographic Signature