[arch-devops] Arch Linux ISO Checksums on archlinux.org
Chris.Rebischke at archlinux.org
Mon Feb 22 15:22:40 UTC 2016
Linux Mint had a security breach  and was serving an infected ISO. I
think this would be a good moment for thinking about our Arch Linux
Download-page on . I recommend to change the checksums. MD5 and SHA1 are
What do you think about using SHA256 ( or even better SHA512 ) for this?
Maybe we should also sign the ISO with a GPG-Key.
I don't mean that we should remove the MD5 checksum but we should add some
other checksum and sign the ISO.
You can call me paranoid but I don't want too see such a security fail on
Arch Linux Security Team
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: not available
More information about the arch-devops