On Mon, Feb 22, 2016 at 04:55:17PM +0100, Levente Polyak wrote:
On February 22, 2016 4:22:40 PM GMT+01:00, Christian Rebischke <Chris.Rebischke@archlinux.org> wrote:
Maybe we should also sign the ISO with a GPG-Key.
I don't mean that we should remove the MD5 checksum but we should add some other checksum and sign the ISO.
The ISO is actually signed, above the mentioned checksums [0] you can find the signature file [1].
Cheers, Levente
[0] https://www.archlinux.org/download/ [1] https://www.archlinux.org/iso/2016.02.01/archlinux-2016.02.01-dual.iso.sig
Sorry guys, there I was too fast and inattentive. But, however, what do you think about adding a stronger checksum to it? I know that a GPG-signatures + MD5 or SHA1 would be enough but I know enough people who just check the checksum and don't care about signatures. regards, chris