SCHAER Frederic wrote: > Hi All, > > While I thank you for your answers, I'd just like to add that I'm no > Linux beginner... > > I just downloaded yet another *2* DVD images directly from Linux : - > one using > http://mirrors.fedoraproject.org/mirrorlist?path=pub/fedora/linux/releases/9/Fedora/x86_64/iso/Fedora-9-x86_64-DVD.iso&country=FR&redirect=1 > - the other one using the URL in my firefox download history : > ftp://fr2.rpmfind.net//linux/fedora/releases/9/Fedora/x86_64/iso/Fedora-9-x86_64-DVD.iso > I can confirm that the ISO on fr2.rpmfind.net is bad. However: I've fetched a good and a bad DVD, loopmounted both, and did a # diff -urN /mnt/good /mnt/bad and one file differs: Binary files good/Packages/eclipse-pde-3.3.2-11.fc9.x86_64.rpm and bad/Packages/ eclipse-pde-3.3.2-11.fc9.x86_64.rpm differ Testing the signatures: mk@mk>rpm --checksig /mnt/good/Packages/eclipse-pde-3.3.2-11.fc9.x86_64.rpm /mnt/good/Packages/eclipse-pde-3.3.2-11.fc9.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK mk@mk>rpm --checksig /mnt/bad/Packages/eclipse-pde-3.3.2-11.fc9.x86_64.rpm /mnt/bad/Packages/eclipse-pde-3.3.2-11.fc9.x86_64.rpm: (sha1) dsa sha1 MD5 GPG NOT OK So what's in eclipse-pde? It doesn't look "dangerous" to me - now if it were openssh AND had a good signature things would be different... Mogens -- Mogens Kjaer, Carlsberg A/S, Computer Department Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark Phone: +45 33 27 53 25, Fax: +45 33 27 47 08 Email: mk@xxxxxx Homepage: http://www.crc.dk -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
