Mail Archives: geda-user/2018/09/05/01:10:28
Hello Girvin,
On Tue, 4 Sep 2018, Girvin Herr (gherrl AT fastmail DOT com) [via geda-user AT delorie DOT com] wrote:
> Greetings,
>
> I just downloaded this version. However, there does not seem to be a check
> file to verify the contents. Is there an md5, or better, a gnupg ".asc" file
> to verify the file I downloaded is correct?
>
> If an asc file, where can I find the gnupg key to check it with?
Here are the md5sums:
ee0974eeff3f256f295b80cf993ac8e0 changelog-2.0.1.txt
a2f2cf0651851fce54dfed13b9ca3e5c pcb-rnd-2.0.1.tar.bz2
31f5fbff478fad8fa9ada5db26953230 pcb-rnd-2.0.1.tar.gz
c0a16d875eb2d84f40c7acba26d203cc pcb-rnd-2.0.1.zip
dd523cba0e62e315c409c9fc9e04e61f relnotes-2.0.1.txt
sha1sums:
d39014632b5da585a51715af11cc069288800253 changelog-2.0.1.txt
3f00ceb8e58c298109437ee187ef382cc64b5c86 pcb-rnd-2.0.1.tar.bz2
37793ad5a2414b9c67cb386eee711f62b94b5899 pcb-rnd-2.0.1.tar.gz
5e9efd428625b92dff8201fb510e3160c52399ae pcb-rnd-2.0.1.zip
534a9764d0a394813c64138ba2379178e37d3f7a relnotes-2.0.1.txt
Transmission:
If you are worried about truncated files: the http header contains the
file length so your browser or donwloader would know if it received a
truncated file. If about transmission errors (random bits changing):
tcp/ip has checksums built in, that's usually enough, but probably
gzip/bz2 would also detect the problem.
Security:
We don't have automatism for checksum publication, because we don't have a
second channel (everything goes through repo.hu) so it wouldn't mitigate
an attack against repo.hu. I am sending this mail from repo.hu too so
although you get it through DJ's mailing list server, the md5sums are
really coming from the same machine as the tarballs - won't increase
security. I mean if a hypotetical attacker gains access to that machine
and alter the tarballs, he'd also alter the checksums or
signature published from/on the same machine.
Best regards,
Igor2
- Raw text -