Discussion in 'Linux' started by ti666, Oct 2, 2015.
can someone please post the checksums for the official RedHat 6.7 and 7.1 ISOs?
You need to login to view this posts content.
unfortunatly it's not that easy ,
RedHat reveals the ISO checksums only to subscription owners.
And to check if the ISOs are untampered and genuine, noone can rely only to chinese or russian sites, as XcodeGhost has shown.
A word of caution here .... a checksum is only as reliable as it's source .
If it's just a distro that you want to checkout or experiment with .... fine.
But for me , if it was my main OS and it was going to be used for anything personal or financial
( banking or booking flights for example ) then I would definitely not be comfortable with using a checksum
posted on an open forum.
I think this is why there is an ongoing move towards the use of signing keys as a more secure and trustworthy
alternative to verifying downloads by checksum (s) .
But using signing keys is not as easy as comparing checksums ..... swings and roundabouts -