You are not logged in.

#1 Yesterday 09:39:34

esotechnica
Member
Registered: 2020-09-29
Posts: 7

Verifying Arch ISO the correct way?

After downloading the Arch ISO image, the download page instructs the user to verify the file integrity using either the SHA256 or BLAKE2b checksums.  It then asks the user to verify the PGP signature for the ISO.

My question is: are both of these checks necessary, or is only one sufficient?  In particular I suspect verifying the PGP signature would be the only step needed, and verifying the checksum after that would be redundant.

Am I correct, or am I misunderstanding something?

Offline

#2 Yesterday 11:59:44

Lone_Wolf
Administrator
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 13,755

Re: Verifying Arch ISO the correct way?

Both check different things .

The checksum verifies content of the download, while the signature verifies who created the download.

If you want to be sure everything is as it should be check both.
In case you only check one, use the checksum .


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.

clean chroot building not flexible enough ?
Try clean chroot manager by graysky

Offline

Board footer

Powered by FluxBB