checksums for official RedHat ISOs?

Discussion in 'Linux' started by ti666, Oct 2, 2015.

  1. ti666

    ti666 MDL Novice

    Nov 7, 2010
    17
    2
    0
    #1 ti666, Oct 2, 2015
    Hello,

    can someone please post the checksums for the official RedHat 6.7 and 7.1 ISOs?

    Thanks
    ti
     
  2. Skaendo

    Skaendo MDL Addicted

    Sep 23, 2014
    888
    534
    30
    #2 Skaendo, Oct 2, 2015
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. ti666

    ti666 MDL Novice

    Nov 7, 2010
    17
    2
    0
    #3 ti666, Oct 3, 2015 (OP)
    unfortunatly it's not that easy ;),

    RedHat reveals the ISO checksums only to subscription owners.
    And to check if the ISOs are untampered and genuine, noone can rely only to chinese or russian sites, as XcodeGhost has shown.

    ti
     
  4. Mutoid

    Mutoid MDL Member

    Sep 23, 2015
    182
    24
    10
    #4 Mutoid, Oct 3, 2015
    Last edited: Oct 3, 2015
    A word of caution here .... a checksum is only as reliable as it's source .

    If it's just a distro that you want to checkout or experiment with .... fine.

    But for me , if it was my main OS and it was going to be used for anything personal or financial
    ( banking or booking flights for example ) then I would definitely not be comfortable with using a checksum
    posted on an open forum.

    I think this is why there is an ongoing move towards the use of signing keys as a more secure and trustworthy
    alternative to verifying downloads by checksum (s) .

    But using signing keys is not as easy as comparing checksums ..... swings and roundabouts - :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...