Page 1 of 1

Re: [CLOSED] Signed ISOs

Posted: Fri Feb 08, 2019 8:19 am
by erikdubois
An MD5SUM is check enough to see if it is coming from me.
Just one person who builds them.
Just one person who puts them online.
Just one person that checks my md5sum is the same as the one online.
EVERY single time the md5sum has been the same since the launch of ArchMerge on September 2017.
SO yes it is a bit paranoid to think something would be wrong with it.
Signing would be like adding another check on a system that is already checked.