Signed checksum

Installing Zorin OS
9

Hi,

for the time being I'll go for

$ wget https://get.debian.org/cdimage/release/current/amd64/iso-bd/{{SHA256SUMS,SHA512SUMS}{,.sign},debian-edu-11.1.0-amd64-BD-1.iso}

Index of /cdimage/release/current/amd64/iso-cd

How can I verify my download is correct and exactly what has been created by Debian?

There are files here (SHA512SUMS, etc.) which contain checksums of the images. These checksum files are also signed - see the matching .sign files. Once you've downloaded an image, you can check:

  • that its checksum matches that expected from the checksum file; and
  • that the checksum file has not been tampered with.

For more information about how to do these steps, read the verification guide.

Maybe Zorin OS does consider to provide signed checksums in the future.

Regards,
Ralf

1 Like