Do you check MD5/SHA1 sums of files/packages?
Submitted by alexx on Thu 12 Apr 2007
| Always |
   9% | 48 votes |
| Only important downloads |
28% | 150 votes |
| Rarely |
20% | 108 votes |
| One or two times I did |
15% | 83 votes |
| Never |
26% | 140 votes |
| Total 529 votes |
I've been having issues with Debian 4.0 netinst ISOs. Somehow, every single md5sum that I'd run would fail.
Seems Debian MD5SUMS files are plain wrong.
Seems Debian MD5SUMS files are plain wrong.
[ Parent ]
Posted by Anonymous (213.164.xx.xx) on Thu 12 Apr 2007 at 15:41
> Seems Debian MD5SUMS files are plain wrong.
They're find for me. Try an rsync -c to fix.
If you are checking the .iso files they are right.
If you check it using md5sum /dev/cdrom, this will give bad results on some drives.
They're find for me. Try an rsync -c to fix.
If you are checking the .iso files they are right.
If you check it using md5sum /dev/cdrom, this will give bad results on some drives.
[ Parent ]
Posted by Anonymous (213.164.xx.xx) on Thu 12 Apr 2007 at 15:38
Packages? No. That's the package management program's job.
Source archives? (tar.gz) always.
isos? Never. BitTorrent checks for me.
Source archives? (tar.gz) always.
isos? Never. BitTorrent checks for me.
[ Parent ]
Posted by Steve (62.30.xx.xx) on Thu 12 Apr 2007 at 18:13
[ Send Message | View Steve's Scratchpad | View Weblogs ]
[ Send Message | View Steve's Scratchpad | View Weblogs ]
Seconded on all counts.
I've made a real point of GPG-signing all my recent software releases in the hopes that people will check. Evilly I once posted a deliberately bogus GPG signature to see if people would complain .. I bet you can guess how many did!
[ Parent ]