Mailinglist Archive: opensuse-security (10 mails)

< Previous Next >
[opensuse-security] OpenSUSE release md5 and SHA1 values and signature?
  • From: name <allitisabout@xxxxxxxxx>
  • Date: Tue, 13 May 2008 13:50:32 +0200
  • Message-id: <48298088.1030806@xxxxxxxxx>
Hi, I want to verify the authenticity of OpenSUSE stable release and
development release CD and DVD images. In the security announcement
under "Authenticity Verification and Additional Information" it
indicates that:

"SUSE security announcements are published via mailing lists and on Web
sites. The authenticity and integrity of a SUSE security announcement is
guaranteed by a cryptographic signature in each announcement. All SUSE
security announcements are published with a valid signature."

I can verify the security announcement letter. I would like to verify
the OpenSUSE stable release and development release CD and DVD images
that you can download from the web and mirror sites. Why not put the MD5
with each CD and DVD image that you can download along with a signature
to verify it with?

Also, why not put the public key number that is used to sign each
release and distribution on the download pages so that it is easy to
find. I was able to find a "SuSE Package Signing Key" and verify its
authenticity, but it was not the same key used on the release(s).

Please advise on what I can do to verify the authenticity of OpenSUSE
stable and development releases on CD and DVD?

Thanks!
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >
This Thread