So, Since (forever) I have manually checked the .Digest and such using openssl or gpg, not unlike what is in the gentoo handbook.
This is retarded, and I'm too old to do that now, so I went shopping for some script/tool/code to do it for me. I sure that a sinlple script with diff would be sufficient to compare the download hash against the one openssl generates... In fact, I do not know why the integrity check is not fully integrated into ftp. rsync. or whatever the download tool is? If futher suspicion warrants, I can always perform a manual spot check, but some integrated integrity should be part of the download process? But why not just use a simple script: <scriptname> package.just.downloaded package.just.downloaded.DIGESTS and have it return: <ok or match or corrupted> After all this is intuitively obviously, when I burn a cd/dvd and is an integrated option. ??? So I found this python script "verify.py" https://bbs.archlinux.org/viewtopic.php?id=83839 Sure there is a slicker, newer, better scheme? Pardon my (lazy) ignorance here..... James
