[CentOS] Down C6 ALL without torrent ?

Thu Apr 19 10:37:29 UTC 2018
John Hodrien <J.H.Hodrien at leeds.ac.uk>

On Thu, 19 Apr 2018, Always Learning wrote:

> On Thu, 2018-04-19 at 09:40 +0100, John Hodrien wrote:
>
>>> On Wed, April 18, 2018 8:36 pm, Always Learning wrote:
>
>>>> I have an aversion to using anything that comes from unknown sources, as
>>>> used by Torrent.
>
>> Can we also challenge this "torrents are untrustworthy" attitude.
>
> Having, successfully so far, resisted/repelled several devious attacks from
> the Russians, I am keen to maintain a clean, and thus secure, system as
> possible.
>
>> You can be given an ISO from a shady character under a railway bridge,
>
> I'd throw it away unused. Do not want the associated risks.

This is where you're making a mistake.  If you're verifying checksums, you're
not taking an additional risk, beyond the risk of a hash collision.  If you're
worried about sha256 hash collisions, I think you're worrying about the wrong
things.

The important bit is getting the hash from a secure source, and bothering the
check it.

jh