Hello, Linux Mint had a security breach [1] and was serving an infected ISO. I think this would be a good moment for thinking about our Arch Linux Download-page on [2]. I recommend to change the checksums. MD5 and SHA1 are both broken.[3][4] What do you think about using SHA256 ( or even better SHA512 ) for this? Maybe we should also sign the ISO with a GPG-Key. I don't mean that we should remove the MD5 checksum but we should add some other checksum and sign the ISO. You can call me paranoid but I don't want too see such a security fail on archlinux.org Best regards, Chris Arch Linux Security Team [1] http://arstechnica.com/security/2016/02/linux-mint-hit-by-malware-infection-... [2] https://www.archlinux.org/download/ [3] http://www.mathstat.dal.ca/~selinger/md5collision/ [4] https://www.schneier.com/blog/archives/2015/10/sha-1_freestart.html