Hi, i looked into jigdo-file about the safety of the final jigdo-lite statement "OK: Checksums match, image is good!"
The message stems from src/jigdo-file-cmd.cc where i read MD5Sum md; // MD5Sum of image md.updateFromStream(*image, info->size(), readAmount, *optReporter); md.finish(); if (*image) { image->get(); if (image->eof() && md == info->md5()) { optReporter->info(_("OK: Checksums match, image is good!")); return 0; So probably jigdo-file has to learn other checksumming algorithms like SHA512 in order to get sufficient safety against intentional manipulation. Until then, it should not be that much affirmative in its message, but rather tell that it's only tested by a (yet untrusted) MD5 and that the usual verification procedure for downloaded ISOs is still needed. Have a nice day :) Thomas