The secret maze of Debian images
blog.fai-project.org

Delve into the wondrous labyrinth of sparkling images that is the Debian build output.

  • ReallyZen@lemmy.ml
    81·
    3 months ago

    “You can ignore the SHA... files if you do not know what they are needed for. They are not important for you.”

    …That’s where I stopped reading this.

    • gomp@lemmy.ml
      31·
      3 months ago

      I stopped at “secret” (yes, the occurrence in the title) :)

      TBH the checksums are pretty useless for humans who download an .iso and install it… they are mainly for mirrors and similar that download files without using them

      • 𝘋𝘪𝘳𝘬@lemmy.ml
        1·
        3 months ago

        Also: If someone manages to tamper with the downloadable ISO … they likely will be able to tamper with the signature files, too.