Group: Software/FSDG distributions/Security
From LibrePlanet
(→Releases and signatures: Add workarounds for the lack of signatures) |
(Add workarounds for checksum-only or no-working-checksums releases) |
||
Line 1: | Line 1: | ||
− | |||
− | |||
− | |||
− | |||
== Releases and signatures == | == Releases and signatures == | ||
Line 13: | Line 9: | ||
| {{no|Checksums only}}<ref>https://mirror.fsf.org/dragora/v3/iso/beta1/</ref> | | {{no|Checksums only}}<ref>https://mirror.fsf.org/dragora/v3/iso/beta1/</ref> | ||
| | | | ||
+ | * There are [https://git.savannah.nongnu.org/cgit/dragora.git/tree/BOOTSTRAPPING.md instructions to build the release yourself] but there is no instructions to verify the source code. | ||
+ | * As a workaround it might be possible to download the checksums through various ways (using multiple Tor routes, local connection), and compare them. Also make sure to download the checksums from the official website or a trusted mirror. | ||
|- | |- | ||
! Dynebolic 3.0-beta | ! Dynebolic 3.0-beta | ||
| {{no|Broken: signed broken checksums (md5)}}<ref>https://files.dyne.org/dynebolic/</ref> | | {{no|Broken: signed broken checksums (md5)}}<ref>https://files.dyne.org/dynebolic/</ref> | ||
− | | | + | | You could still download the images multiple time and compare them with cmp. Though it's far from ideal. |
|- | |- | ||
! Guix 1.4.0 | ! Guix 1.4.0 | ||
Line 44: | Line 42: | ||
! PureOS 10 (byzantium) | ! PureOS 10 (byzantium) | ||
| {{no|Checksums only}}.<ref>https://downloads.puri.sm/byzantium/gnome/2022-06-02/</ref> | | {{no|Checksums only}}.<ref>https://downloads.puri.sm/byzantium/gnome/2022-06-02/</ref> | ||
− | | Workaround: Install PureOS from Parabola with debootstrap and pureos-archive-keyring | + | | |
+ | * Workaround: Install PureOS from Parabola with debootstrap and pureos-archive-keyring | ||
+ | * As a workaround it might also be possible to download the checksums through various ways (using multiple Tor routes, local connection), and compare them. Also make sure to download the checksums from the official website or a trusted mirror. | ||
|- | |- | ||
! Replicant 6.0 0004 | ! Replicant 6.0 0004 | ||
Line 56: | Line 56: | ||
! Ututo S | ! Ututo S | ||
| {{no|No: broken checksums (md5) only}}<ref>http://www.ututo.org/downloads/</ref> | | {{no|No: broken checksums (md5) only}}<ref>http://www.ututo.org/downloads/</ref> | ||
− | | | + | | You could still download the images multiple time and compare them with cmp. Though it's far from ideal. |
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
|} | |} |
Revision as of 20:16, 22 February 2023
Releases and signatures
Distribution | Signed installers | Comments |
---|---|---|
Dragora 3.0-beta1 | Checksums only[1] |
|
Dynebolic 3.0-beta | Broken: signed broken checksums (md5)[2] | You could still download the images multiple time and compare them with cmp. Though it's far from ideal. |
Guix 1.4.0 | Yes, signed images[3] | |
Guix "latest" | No[4] | Workaround: Use Guix 1.4.0 and update it. |
Hyperbola v0.4.2 | Yes, signed images[5] | |
LibreCMC | Yes, signed checksums[6] | |
Parabola | Yes[7] | |
ProteanOS | Yes: signed ProteanOS Development Kit commits[8] | |
PureOS 10 (byzantium) | Checksums only.[9] |
|
Replicant 6.0 0004 | Yes, signed images[10] | |
Trisquel 10.0.1 | Yes, signed images[11] | |
Ututo S | No: broken checksums (md5) only[12] | You could still download the images multiple time and compare them with cmp. Though it's far from ideal. |
- ↑ https://mirror.fsf.org/dragora/v3/iso/beta1/
- ↑ https://files.dyne.org/dynebolic/
- ↑ https://guix.gnu.org/en/download/
- ↑ https://guix.gnu.org/en/download/latest/
- ↑ https://wiki.hyperbola.info/doku.php?id=en:manual:verify_live_images
- ↑ signed checksums: https://librecmc.org/librecmc/downloads/snapshots/v1.5.12/targets/ath79/generic/
- ↑ https://wiki.parabola.nu/Get_Parabola
- ↑ http://proteanos.com/doc/install/prokit/
- ↑ https://downloads.puri.sm/byzantium/gnome/2022-06-02/
- ↑ https://ftp.osuosl.org/pub/replicant/images/replicant-6.0/0004/images/
- ↑ https://cdimage.trisquel.info/trisquel-images/
- ↑ http://www.ututo.org/downloads/