CentOS 4.8 iso signature missing

Support for security such as Firewalls and securing linux
Post Reply
hilti
Posts: 3
Joined: 2005/10/08 07:38:54

CentOS 4.8 iso signature missing

Post by hilti » 2009/08/31 12:55:04

I cannot find the signed sha1 and md5 files, sha1sum.txt.asc and md5sum.asc for CentOS 4.8 on the mirror sites.

Does anyone know where to find them or can someone from the centos team put them on the mirrors?

User avatar
toracat
Forum Moderator
Posts: 7307
Joined: 2006/09/03 16:37:24
Location: California, US
Contact:

Re: CentOS 4.8 iso signature missing

Post by toracat » 2009/08/31 15:29:23

There are sha1sums and md5sums. There may or may not be an "s" in their names, but those are the files you need to download.

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Re: CentOS 4.8 iso signature missing

Post by pschaff » 2009/09/01 14:14:55

[code]
Index of /CentOS/4.8/isos/i386
Name Last modified Size Description
Parent Directory -
CentOS-4.8-i386-bin1of4.iso 04-Aug-2009 05:56 625M
CentOS-4.8-i386-bin1to4.torrent 18-Aug-2009 09:06 184K
CentOS-4.8-i386-bin2of4.iso 04-Aug-2009 05:56 639M
CentOS-4.8-i386-bin3of4.iso 04-Aug-2009 05:56 638M
CentOS-4.8-i386-bin4of4.iso 04-Aug-2009 05:56 442M
CentOS-4.8-i386-binDVD.torrent 18-Aug-2009 09:07 183K
md5sums 04-Aug-2009 12:06 309
md5sums.dvd 19-Aug-2009 10:09 61
sha1sums 04-Aug-2009 12:08 349
[/code]

hilti
Posts: 3
Joined: 2005/10/08 07:38:54

Re: CentOS 4.8 iso signature missing

Post by hilti » 2009/09/01 18:47:03

Have a look at the /CentOS/4.7/isos/i386/

It is the *.asc files that I am talking about. These files contain the gpg signatures.

Without these files I cannot verify if the CentOS team or some hacker has made the .iso files.

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America
Contact:

Re: CentOS 4.8 iso signature missing

Post by pschaff » 2009/09/02 15:02:57

OK - now I see. The GPG signed files are missing. Please file a [url=http://bugs.centos.org/main_page.php]bug report[/url].

As an interim measure could fetch versions from multiple mirrors. It is highly unlikely that all have been hacked.

Post Reply