X-Authentication-Warning: delorie.com: mail set sender to geda-user-bounces using -f X-Recipient: geda-user AT delorie DOT com Date: Wed, 5 Sep 2018 07:19:33 +0200 (CEST) X-X-Sender: igor2 AT igor2priv To: "Girvin Herr (gherrl AT fastmail DOT com) [via geda-user AT delorie DOT com]" X-Debug: to=geda-user AT delorie DOT com from="gedau AT igor2 DOT repo DOT hu" From: gedau AT igor2 DOT repo DOT hu Subject: Re: [geda-user] [pcb-rnd] anniversary release: 2.0.1 In-Reply-To: <0cf4753a-6fac-2e90-bdef-ab27e127810a@fastmail.com> Message-ID: References: <0cf4753a-6fac-2e90-bdef-ab27e127810a AT fastmail DOT com> User-Agent: Alpine 2.00 (DEB 1167 2008-08-23) MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Reply-To: geda-user AT delorie DOT com Errors-To: nobody AT delorie DOT com X-Mailing-List: geda-user AT delorie DOT com X-Unsubscribes-To: listserv AT delorie DOT com Precedence: bulk Hello Girvin, On Tue, 4 Sep 2018, Girvin Herr (gherrl AT fastmail DOT com) [via geda-user AT delorie DOT com] wrote: > Greetings, > > I just downloaded this version. However, there does not seem to be a check > file to verify the contents. Is there an md5, or better, a gnupg ".asc" file > to verify the file I downloaded is correct? > > If an asc file, where can I find the gnupg key to check it with? Here are the md5sums: ee0974eeff3f256f295b80cf993ac8e0 changelog-2.0.1.txt a2f2cf0651851fce54dfed13b9ca3e5c pcb-rnd-2.0.1.tar.bz2 31f5fbff478fad8fa9ada5db26953230 pcb-rnd-2.0.1.tar.gz c0a16d875eb2d84f40c7acba26d203cc pcb-rnd-2.0.1.zip dd523cba0e62e315c409c9fc9e04e61f relnotes-2.0.1.txt sha1sums: d39014632b5da585a51715af11cc069288800253 changelog-2.0.1.txt 3f00ceb8e58c298109437ee187ef382cc64b5c86 pcb-rnd-2.0.1.tar.bz2 37793ad5a2414b9c67cb386eee711f62b94b5899 pcb-rnd-2.0.1.tar.gz 5e9efd428625b92dff8201fb510e3160c52399ae pcb-rnd-2.0.1.zip 534a9764d0a394813c64138ba2379178e37d3f7a relnotes-2.0.1.txt Transmission: If you are worried about truncated files: the http header contains the file length so your browser or donwloader would know if it received a truncated file. If about transmission errors (random bits changing): tcp/ip has checksums built in, that's usually enough, but probably gzip/bz2 would also detect the problem. Security: We don't have automatism for checksum publication, because we don't have a second channel (everything goes through repo.hu) so it wouldn't mitigate an attack against repo.hu. I am sending this mail from repo.hu too so although you get it through DJ's mailing list server, the md5sums are really coming from the same machine as the tarballs - won't increase security. I mean if a hypotetical attacker gains access to that machine and alter the tarballs, he'd also alter the checksums or signature published from/on the same machine. Best regards, Igor2