gnu-linux-libre
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNU-linux-libre] Help users to verify their downloads


From: Andreas Grapentin
Subject: Re: [GNU-linux-libre] Help users to verify their downloads
Date: Mon, 18 Jun 2018 16:11:12 +0200
User-agent: Mutt/1.10.0 (2018-05-17)

Hello Donald,

parabola provides Sha512 and Whirlpool checksums for all downloadable
images, and all images are gpg signed, so users concerned about the
validity of the files can verify them easily.

Additionally, all packages downloaded using the system installed package
manager are signed with a trusted set of maintainer keys, and packages
without matching signatures are automatically rejected in the default
configuration.

Hope this helps,
Andreas

On Mon, Jun 18, 2018 at 08:37:20AM -0400, Donald Robertson wrote:
> Hello all,
> 
> We've recently received some feedback from users concerned about
> verifying their downloads of free distros. They want to make sure that
> what they've downloaded is actually the distro, and not something that
> has been modified in some way. Some distros already provide ways for
> users to check their downloads, but it isn't universal. I know Trisquel
> provides md5, sha1, sha256, and gpg for their users to verify downloads,
> and I think it is a good practice for every distro. Could I get help in
> checking what other distros are providing for this issue, and working to
> encourage all distros to provide such options? Thank you all for any
> help you can provide, and let me know if you have any questions.
> -- 
> Donald R. Robertson, III, J.D.
> Licensing & Compliance Manager
> Free Software Foundation
> 51 Franklin Street, Fifth Floor
> Boston, MA 02110
> Phone +1-617-542-5942
> Fax +1-617-542-2652 ex. 56
> 

-- 

------------------------------------------------------------------------------
my GPG Public Key:                 https://files.grapentin.org/.gpg/public.key
------------------------------------------------------------------------------

Attachment: signature.asc
Description: PGP signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]