Signed iso files

Message
Author
User avatar
anticapitalista
Developer
Posts: 4160
Joined: Sat Jul 15, 2006 10:40 am

Signed iso files

#1 Post by anticapitalista »

All released ISOs of MX-15, antiX-15.1 and the monthly snapshots have been signed to give users an extra level of security; see the the Wiki article for MX-15 for details on how to use.

The dev team strongly advises users to verify that the downloaded iso file is authentic.
anticapitalista
Reg. linux user #395339.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - lean and mean.
https://antixlinux.com

User avatar
lucky9
Posts: 475
Joined: Wed Jul 12, 2006 5:54 am

Re: Signed iso files

#2 Post by lucky9 »

Is it necessary to redownload if ISOs were downloaded on day they were released? Excluding the snapshot/s that is.
Yes, even I am dishonest. Not in many ways, but in some. Forty-one, I think it is.
--Mark Twain

User avatar
Adrian
Developer
Posts: 8248
Joined: Wed Jul 12, 2006 1:42 am

Re: Signed iso files

#3 Post by Adrian »

lucky9 wrote:Is it necessary to redownload if ISOs were downloaded on day they were released? Excluding the snapshot/s that is.
No, you can download only the .sig file(s) and check the validity of the .iso files if you still have them somewhere on your computer. If you already installed the .iso and deleted it you don't need to worry, we haven't had our servers hacked, this is just future-proofing and providing additional security from now on.
Last edited by Adrian on Fri Mar 18, 2016 5:59 pm, edited 1 time in total.

User avatar
anticapitalista
Developer
Posts: 4160
Joined: Sat Jul 15, 2006 10:40 am

Re: Signed iso files

#4 Post by anticapitalista »

I'll re-phrase the initial post to make it clearer.
anticapitalista
Reg. linux user #395339.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - lean and mean.
https://antixlinux.com

User avatar
Stevo
Developer
Posts: 12774
Joined: Fri Dec 15, 2006 8:07 pm

Re: Signed iso files

#5 Post by Stevo »

I've also sent up a .sig file for the latest KDE respin, and am trying an update of the CD-size "Core" MX 15-32.

The wiki now has my keyfile added: http://www.mepiscommunity.org/wiki/syst ... iles#MX-15

User avatar
eugen-b
Posts: 92
Joined: Tue Aug 25, 2015 1:56 pm

Re: Signed iso files

#6 Post by eugen-b »

Maybe post the commands in short form on the Sourceforge page. Who will read the wiki before downloading? And consider the positive effect on those who visit the Sourceforge account when they see that antiX and MX use signatures for the ISOs.
MX-14 on a Via Eden 1GHz CPU thin client, 3GB RAM, Via VX800 chipset, Via Chrome9 HC GPU, 32GB M.2 SSD;
btrfs with @ and @home subvolumes for MX-14;
added @antiX and @antiXhome subvolumes and copied antix 13.1 base into them, adjusting Grub from MX-14.

User avatar
Jerry3904
Administrator
Posts: 21881
Joined: Wed Jul 19, 2006 6:13 am

Re: Signed iso files

#7 Post by Jerry3904 »

Good thought, something like:
These ISOs are signed for extra security. Details in the Wiki
Production: 5.10, MX-23 Xfce, AMD FX-4130 Quad-Core, GeForce GT 630/PCIe/SSE2, 16 GB, SSD 120 GB, Data 1TB
Personal: Lenovo X1 Carbon with MX-23 Fluxbox and Windows 10
Other: Raspberry Pi 5 with MX-23 Xfce Raspberry Pi Respin

User avatar
Stevo
Developer
Posts: 12774
Joined: Fri Dec 15, 2006 8:07 pm

Re: Signed iso files

#8 Post by Stevo »

Does anyone know how to verify the sigs in other operating systems? Do Ubuntu or Peppermint provide anything along that line?

And I updated the 700 MiB "Core" MX 15-32. I had to remove Asunder and MTPaint in order to keep the size under the limit. It's now in the repo with the other respin, with a .sig file, and the wiki is updated.

User avatar
anticapitalista
Developer
Posts: 4160
Joined: Sat Jul 15, 2006 10:40 am

Re: Signed iso files

#9 Post by anticapitalista »

anticapitalista
Reg. linux user #395339.

Philosophers have interpreted the world in many ways; the point is to change it.

antiX with runit - lean and mean.
https://antixlinux.com

User avatar
Adrian
Developer
Posts: 8248
Joined: Wed Jul 12, 2006 1:42 am

Re: Signed iso files

#10 Post by Adrian »

I see some people sign the md5sums and some people sign the ISOs, from what I understand the advantage of signing the md5sums is that it's a quick operation to sign a one line text file, while it takes a long time to sign a ISO, but if you sign the ISO if you verify the signature you don't need to verify the md5sum too, am I right? (It's still good to provide md5sums because some people don't bother to verify signatures)

Locked

Return to “General”