
"Pure" MD5 sums: how can I be sure I'm getting "



Joe Programmer
10-06-2003, 10:15 AM
Hello.

I've been enjoying Knoppix 3.2 for many months now. Now I'd like to try out and use 3.3.

I can get it from many, many mirrors, but none from the Knoppix site itself. Probably that's good, as if that site had it available for download, it would be swamped.

But what I would like to know is, does the Knoppix or Knopper website have at least a posting of the MD5 sum? It is possible that a mirror may have a compromised or unauthentic version of Knoppix on it. All a bad person would need to do is create a new MD5 sum for that mirror, and nobody would ever know.

Can anyone direct me to a place on the basic Knopper.net website that shows the original MD5 sum of the Knoppix master?



Thank you very much.


Joe

baldyeti
10-06-2003, 01:24 PM
MD5 signature files are small, so feel free to get them from *several*
mirrors if you mistrust the one you download your ISO from...

Stephen
10-06-2003, 08:50 PM
But what I would like to know is, does the Knoppix or Knopper website have at least a posting of the MD5 sum? It is possible that a mirror may have a compromised or unauthentic version of Knoppix on it. All a bad person would need to do is create a new MD5 sum for that mirror, and nobody would ever know.

Thank you very much.


Joe

You could always use GPG and look at the GPG-signed md5.asc file and fetch the public key for the signature. The file contains the md5 sum and the signature, to prevent the possibility of the problems that you are worried about. So unless someone gets the GPG key used to generate the signature file, you can always check the validity of the md5sum on the mirror.

Joe Programmer
10-07-2003, 03:39 AM
Stephen: Thanks for your helpful tip. I did not realize that the md5.asc was GPG signed.

How can I be sure to get an authentic public key of the signer?


Also, how can I figure out how to use GPG without being an expert power user with it (For example, md5 is nice and easy to understand and use)?


Thank you very much.


Joe.