On Tue, Aug 01, 2017 at 11:47:44PM +0200, Peter Mc Donough wrote:
Am 01.08.2017 um 23:25 schrieb Roman Bysh:
On 01/08/17 05:02 PM, Peter Mc Donough wrote:
Two different download locations. The message in German: sha256sum: WARNUNG: 14 Zeilen sind nicht korrekt formatiert Something wrong?
It says WARNING: 14 lines are not formatted correctly. The only line you need to look at is the sha256 line.
Ah, I see, it is "OK"!
peter@kubu-lux:/xt/lokal/zusatz/ISOs/ISOs_suse$ sha256sum -c openSUSE-Leap-42.3-DVD-x86_64.iso.sha256 openSUSE-Leap-42.3-DVD-x86_64.iso: OK
I was pondering this last night, burning a disk at work as a high bandwidth sneaker-net. K3b nicely calculated an md5sum, so I went to look for an md5sum, and then tripped over the same warning - but I'd come across it before. There's a difficult balancing act between the level of assumed knowledge and wanting to keep things simple enough not to put too many barriers up. It is also far better to instill good habits from the outset than try to fix bad ones later. Trying to look at this with fresh eyes, from the perspective of a new user, we don't make these validation steps very easy. Ever had a user (rightly) ask why the known host key of an ssh server has changed and how/where to validate it? How many times do you know a server key has changed but have never been asked by a remote user to validate it? Perhaps sha256sum could be improved to recognise a GPG key and send a better informational back to the user? It seems a common use case. So, I then went through the newuser friendly "front door": https://software.opensuse.org/distributions/leap And there is a helpful link: https://en.opensuse.org/SDB:Download_help#Checksums Might it be worth cribbing some of the info and creating an old fashioned readme to drop into the distribution mirrors alongside the iso & sha256 files? Or even add a brief warning/explanation in the checksum files themselves? This might just be for the recursively paranoid, but is there an over-arching set of scripts that actively check changes made to key fingerprints on the twiki & web pages? Daniel -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org