I just noticed that in hashtab sha256 is not enabled by default, so I would
further add the following sentence to the windows/mac instructions:
"SHA256 is not enabled by default in HashTab, so you will have to
click *options
*and enable it."
Török Edwin wrote:
What if you already have an older
le users and made different proposals for
software that allows checking hashes on windows and mac.*
Could you please review this and implement it on the website.
Thanks in advance,
Naja Melan
**
*
*
*How can I verify that the downloaded CD images are correct?*
**
*Errors can occur during the dow
Hi Alexander,
fair play, this is a proposition for a narrowed down search:
https://encrypted.google.com/search?num=100&hl=en&lr=lang_en&tbs=lr%3Alang_1en&q=site%3Awww.debian.org+md5+-site%3Awww.debian.org%2FNews+-%22MD5+checksums+of+the+listed%22+-inurl%3Aja.html&aq=f&aqi=&aql=&oq=
It yields abo
org*+md5&aq=f&aqi=&aql=&oq=
should be .org I think
greetz
naja melan
and blatantly outdated, wrong or missing security advice scores
really bad.
As a final question I wonder if debian has security policies for developers
and if they are publicly available? If so, could someone point me to them.
If not, I think that this is really worrying.
greetz
Naja Melan
on regarding verification of a debian
> installation iso
> To: Naja Melan
>
>
> On Mon, 2011-01-03 at 19:23 +0100, Naja Melan wrote:
> > If the author of such instructions
> > would be forced to justify say md5, I am quite confident that md5 would
> > instantly be scr
installation iso
To: Naja Melan
On Mon, 2011-01-03 at 19:23 +0100, Naja Melan wrote:
> If the author of such instructions
> would be forced to justify say md5, I am quite confident that md5 would
> instantly be scrapped and replaced by better algorithm and we would
> instantly already hav
Thanks for taking this subject serious.
> HTTPS is going to make it harder for man-in-the-middle shenanigans, but
> that is only part of the path "from the developer to the user."
> One also has to consider whether the project's servers have been tampered
> with - which tends to be the much more
-- Forwarded message --
From: Robert Tomsick
Date: Mon, Jan 3, 2011 at 7:52 PM
Subject: Re: Fwd: Fwd: question regarding verification of a debian
installation iso
To: Naja Melan
On Mon, 2011-01-03 at 19:23 +0100, Naja Melan wrote:
> If the author of such instructions
> wo
t false sense of security and have an educational value as well as the
added benefit that people using security mechanisms would also understand
them much more often.
I rest my case,
greetz,
naja melan
se it seems that that is as good as it
gets with https. Their site is very neat and informative in verifying their
downloads, it all comes over certified https even extra tools like the
liveusb-creator. This gives me at least a higher sense of trust than the
current debian situation.
greetz
naja melan
tion media is representative for the whole debian
development, than I just want to steer away from it and start telling people
to stop using it.
greetz,
naja melan
-- Forwarded message --
From: Naja Melan
Date: Sun, Jan 2, 2011 at 10:55 PM
Subject: Re: question regarding verification of a debian installation iso
To: Arthur de Jong
Arthur,
I wholeheartedly agree with everything you write. I also think https has
serious drawbacks. So does
check
accidental corruption of the file, where I try to find some protection
agains deliberate tampering. Hence the relation to the subject of security.
The reason I prefer email is that my temperament is rather undiplomatic,
which is worsened severely on faster chat mediums.
greetz and a good year,
naja melan
over the internet
and I have no idea on how to verify that one.
Could someone please tell me how I could do that? ( Assuming that all the
people that signed that key are not at hand here at my home, and so I could
not receive their public keys personally.)
Thanks in advance.
naja melan
15 matches
Mail list logo
