ISO download very failed
Andre Robatino
andre at bwh.harvard.edu
Wed Jun 10 22:02:16 UTC 2009
On 06/10/2009 05:48 PM, Kevin J. Cummings wrote:
> Steve Searle wrote:
>> I thought torrents were self checking, so does this mean their is an
>> invalid iso image out there, and do I need to download it again?
>
> The torrents are self checking, but I'm not sure what they check
> (md5sum, sha1sum, or sha256sum). That's why a CHECKSUM file is included
> with the torrents.
The bittorrent protocol checks that what you download isn't physically
corrupted, nothing more. Hence, if someone relabels a hacked ISO file
as Fedora-11-i386-DVD.iso, and it's downloaded via BT, you're guaranteed
to get the exact same hacked ISO that was posted.
If one wants to make sure that the contents actually came from Fedora
Project, on the other hand, that requires checking that the sha256sum
agrees with that in a CHECKSUM file with a good signature from Fedora
Project (done using gpg --verify).
Which torrent was this downloaded from? Normally, if the contents are
bad, the comments will root it out pretty quickly.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3266 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20090610/539e030c/attachment-0001.p7s>
More information about the fedora-list
mailing list