On Thu, 19 Apr 2018, Always Learning wrote:
On Thu, 2018-04-19 at 09:40 +0100, John Hodrien wrote:
On Wed, April 18, 2018 8:36 pm, Always Learning wrote:
I have an aversion to using anything that comes from unknown sources, as
used by Torrent.
Can we also challenge this "torrents are untrustworthy" attitude.
Having, successfully so far, resisted/repelled several devious attacks from
the Russians, I am keen to maintain a clean, and thus secure, system as
possible.
You can be given an ISO from a shady character under a railway bridge,
I'd throw it away unused. Do not want the associated risks.
This is where you're making a mistake. If you're verifying checksums, you're
not taking an additional risk, beyond the risk of a hash collision. If you're
worried about sha256 hash collisions, I think you're worrying about the wrong
things.
The important bit is getting the hash from a secure source, and bothering the
check it.
jh
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
