[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: ISO download very failed

On 06/10/2009 05:48 PM, Kevin J. Cummings wrote:
> Steve Searle wrote:

>> I thought torrents were self checking, so does this mean their is an
>> invalid iso image out there, and do I need to download it again?
> The torrents are self checking, but I'm not sure what they check
> (md5sum, sha1sum, or sha256sum).  That's why a CHECKSUM file is included
> with the torrents.

The bittorrent protocol checks that what you download isn't physically
corrupted, nothing more.  Hence, if someone relabels a hacked ISO file
as Fedora-11-i386-DVD.iso, and it's downloaded via BT, you're guaranteed
to get the exact same hacked ISO that was posted.

If one wants to make sure that the contents actually came from Fedora
Project, on the other hand, that requires checking that the sha256sum
agrees with that in a CHECKSUM file with a good signature from Fedora
Project (done using gpg --verify).

Which torrent was this downloaded from?  Normally, if the contents are
bad, the comments will root it out pretty quickly.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]