laigualdad <[email protected]> writes:
> In the most recent directory, "2014.10.07", an .sfv (Simple > verification) file is provided rather than a checksum file. Scratching > my head at this. Before now, I'd never even heard of SFV. A quick > search gives me many sources saying that SFV cannot be used to verify > a file's authenticity. Even MD5 hashes are better. SFV does not provide any authenticity verification, as md5, SHA-1/2 do not either. Its purpose is to provide the fastest integrity verification. Authenticity (and an added checksum embedded layer) resides on the gpg sign (.sig) in the same directory, which may point to some dude, indeed, familiar to me... At this point, ISO is trustful. > My request is that, for the quickest solution, a sha256sums file be > included in the repos as it was in previous images. I need to download > the image to start fresh after If you really find this as an issue, I would suggest you to fill a bug on labs.parabola.nu so we can examine it and add to our list of pending TODOs. One for every different issue, giving as much details you feel are necessary. As older ISOs are not longer maintained and I have no way to verify how they were built or who was the responsible I can do nothing, thus I'm unable to sign them. Expect some changes on new releases from next year on, beginning with the contribution of your suggestions at labs.. _______________________________________________ Dev mailing list [email protected] https://lists.parabola.nu/mailman/listinfo/dev
