[CentOS] Down C6 ALL without torrent ?
John Hodrien
J.H.Hodrien at leeds.ac.uk
Thu Apr 19 10:37:29 UTC 2018
On Thu, 19 Apr 2018, Always Learning wrote:
> On Thu, 2018-04-19 at 09:40 +0100, John Hodrien wrote:
>
>>> On Wed, April 18, 2018 8:36 pm, Always Learning wrote:
>
>>>> I have an aversion to using anything that comes from unknown sources, as
>>>> used by Torrent.
>
>> Can we also challenge this "torrents are untrustworthy" attitude.
>
> Having, successfully so far, resisted/repelled several devious attacks from
> the Russians, I am keen to maintain a clean, and thus secure, system as
> possible.
>
>> You can be given an ISO from a shady character under a railway bridge,
>
> I'd throw it away unused. Do not want the associated risks.
This is where you're making a mistake. If you're verifying checksums, you're
not taking an additional risk, beyond the risk of a hash collision. If you're
worried about sha256 hash collisions, I think you're worrying about the wrong
things.
The important bit is getting the hash from a secure source, and bothering the
check it.
jh
More information about the CentOS
mailing list