Welcome!
Important information
-- Spectre and Meltdown vulnerabilities
-- Change in MX sources

News
-- MX Linux on social media: here
-- Mepis support still here

Current releases
-- MX-17.1 Final release info here
-- antiX-17 release info here

New users
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules

Signed iso files

Message
Author
User avatar
anticapitalista
Forum Veteran
Forum Veteran
Posts: 5713
Joined: Sat Jul 15, 2006 10:40 am

Signed iso files

#1 Post by anticapitalista » Fri Mar 18, 2016 4:53 pm

All released ISOs of MX-15, antiX-15.1 and the monthly snapshots have been signed to give users an extra level of security; see the the Wiki article for MX-15 for details on how to use.

The dev team strongly advises users to verify that the downloaded iso file is authentic.
anticapitalista
Reg. linux user #395339.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX-17 "Heather Heyer" - lean and mean.
https://antixlinux.com

User avatar
lucky9
Forum Veteran
Forum Veteran
Posts: 11380
Joined: Wed Jul 12, 2006 5:54 am

Re: Signed iso files

#2 Post by lucky9 » Fri Mar 18, 2016 5:49 pm

Is it necessary to redownload if ISOs were downloaded on day they were released? Excluding the snapshot/s that is.
Yes, even I am dishonest. Not in many ways, but in some. Forty-one, I think it is.
--Mark Twain

User avatar
Adrian
Forum Veteran
Forum Veteran
Posts: 8927
Joined: Wed Jul 12, 2006 1:42 am

Re: Signed iso files

#3 Post by Adrian » Fri Mar 18, 2016 5:54 pm

lucky9 wrote:Is it necessary to redownload if ISOs were downloaded on day they were released? Excluding the snapshot/s that is.
No, you can download only the .sig file(s) and check the validity of the .iso files if you still have them somewhere on your computer. If you already installed the .iso and deleted it you don't need to worry, we haven't had our servers hacked, this is just future-proofing and providing additional security from now on.
Last edited by Adrian on Fri Mar 18, 2016 5:59 pm, edited 1 time in total.

User avatar
anticapitalista
Forum Veteran
Forum Veteran
Posts: 5713
Joined: Sat Jul 15, 2006 10:40 am

Re: Signed iso files

#4 Post by anticapitalista » Fri Mar 18, 2016 5:56 pm

I'll re-phrase the initial post to make it clearer.
anticapitalista
Reg. linux user #395339.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX-17 "Heather Heyer" - lean and mean.
https://antixlinux.com

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 16294
Joined: Fri Dec 15, 2006 8:07 pm

Re: Signed iso files

#5 Post by Stevo » Sat Mar 19, 2016 4:45 pm

I've also sent up a .sig file for the latest KDE respin, and am trying an update of the CD-size "Core" MX 15-32.

The wiki now has my keyfile added: http://www.mepiscommunity.org/wiki/syst ... iles#MX-15

User avatar
eugen-b
Forum Regular
Forum Regular
Posts: 572
Joined: Tue Aug 25, 2015 1:56 pm

Re: Signed iso files

#6 Post by eugen-b » Mon Mar 21, 2016 7:46 am

Maybe post the commands in short form on the Sourceforge page. Who will read the wiki before downloading? And consider the positive effect on those who visit the Sourceforge account when they see that antiX and MX use signatures for the ISOs.
MX-14 on a Via Eden 1GHz CPU thin client, 3GB RAM, Via VX800 chipset, Via Chrome9 HC GPU, 32GB M.2 SSD;
btrfs with @ and @home subvolumes for MX-14;
added @antiX and @antiXhome subvolumes and copied antix 13.1 base into them, adjusting Grub from MX-14.

User avatar
Jerry3904
Forum Veteran
Forum Veteran
Posts: 22458
Joined: Wed Jul 19, 2006 6:13 am

Re: Signed iso files

#7 Post by Jerry3904 » Mon Mar 21, 2016 8:22 am

Good thought, something like:
These ISOs are signed for extra security. Details in the Wiki
Production: 4.15.0-1-amd64, MX-17.1, AMD FX-4130 Quad-Core, GeForce GT 630/PCIe/SSE2, 8 GB, Kingston SSD 120 GB and WesternDigital 1TB
Testing: AAO 722: 4.15.0-1-386. MX-17.1, AMD C-60 APU, 4 GB

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 16294
Joined: Fri Dec 15, 2006 8:07 pm

Re: Signed iso files

#8 Post by Stevo » Mon Mar 21, 2016 3:01 pm

Does anyone know how to verify the sigs in other operating systems? Do Ubuntu or Peppermint provide anything along that line?

And I updated the 700 MiB "Core" MX 15-32. I had to remove Asunder and MTPaint in order to keep the size under the limit. It's now in the repo with the other respin, with a .sig file, and the wiki is updated.

User avatar
anticapitalista
Forum Veteran
Forum Veteran
Posts: 5713
Joined: Sat Jul 15, 2006 10:40 am

Re: Signed iso files

#9 Post by anticapitalista » Mon Mar 21, 2016 3:06 pm

anticapitalista
Reg. linux user #395339.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX-17 "Heather Heyer" - lean and mean.
https://antixlinux.com

User avatar
Adrian
Forum Veteran
Forum Veteran
Posts: 8927
Joined: Wed Jul 12, 2006 1:42 am

Re: Signed iso files

#10 Post by Adrian » Mon Mar 21, 2016 3:56 pm

I see some people sign the md5sums and some people sign the ISOs, from what I understand the advantage of signing the md5sums is that it's a quick operation to sign a one line text file, while it takes a long time to sign a ISO, but if you sign the ISO if you verify the signature you don't need to verify the md5sum too, am I right? (It's still good to provide md5sums because some people don't bother to verify signatures)

Post Reply

Return to “General”