verify build files for LFS
support
support at expertrepair.co.uk
Thu Dec 18 02:09:09 MST 2008
sparrow wrote:
> I mean the md5 values from the source or author, not from someone who
> downloaded them and then did an md5. There are locations to download the
> source files to build them, but not to download the md5. This page link
> has the download sources, but no link to download the md5. The GNU
> sources have signatures that can be verified from the author of the
> packages, but not necessarily md5.
>
I don't quite get what you are after, if you are downloading a file from
the authors site, and you also want an md5 from the same site to confirm
the download, its kind of pointless. If the site has been hacked and
the original source replaced with something else, it stands to reason
that the md5 (on the same site) would be compromised also. The download
will reach you in original condition thanks to the fact that tcp/ip does
error checking as it goes. As for instructions on confirming the md5 on
each page, ideally you should do it before you begin at all, its
pointless getting halfway through the project just to find you have a
bad copy of something.
Regards
Phill
More information about the lfs-support
mailing list