The md5 file can be used to do a trivial validation on an iso file by having both the md5 file ad the iso in the sae directory and also having a version of md5sum installed on either Linux or windows. Then it's a matter of running md5sum speakup-netinst-3.1r0a.iso <cr> and md5sum should take a while and if you're lucky just return you to the system or prompt which means the md5sum test passed. For the gpg file you'll need to have gpg installed and operational and you'll need to import the gpg file into your keyring. If memory serves after that gpg -v speakup-netinst-3.1r0a.iso and wait for the response. It's not uncommon to have a file pass the md5sum test and fail the gpg test either. If any of the two tests fail, you got yourself a bad iso download and will need to repeat the try later. I managed to get an earlier version of debian downloaded but never managed to get the latest version downloaded and burnt clean to date. So I'm going to try an image download if I can ever get a good line for the sources.list file
