KolibriOS download media checksums and security.
Posted: Sat Jan 06, 2024 2:12 am
Hello and good evening.
Sorry if I'm posting in the wrong place but I'd like to do a 'feature request' of sorts. Please help me move this topic to the appropiate place if it's better suited somewhere else.
It would be better for security if the KolibriOS team also made available sha256/sha512 file checksums for the installation media that can be downloaded from the servers (latest-img.7z, latest-iso.7z, latest-distr.7z and latest-raw.7z). It would allow us, the users, to check for file integrity for in case of a corrupted download and since they are served through non-encrypted HTTP there is a small but non-zero risk of MITM. And in order to avoid something like this from ever happening I'd like to also request that the images also be PGP-signed by the development team for improved security.
Sorry if I'm posting in the wrong place but I'd like to do a 'feature request' of sorts. Please help me move this topic to the appropiate place if it's better suited somewhere else.
It would be better for security if the KolibriOS team also made available sha256/sha512 file checksums for the installation media that can be downloaded from the servers (latest-img.7z, latest-iso.7z, latest-distr.7z and latest-raw.7z). It would allow us, the users, to check for file integrity for in case of a corrupted download and since they are served through non-encrypted HTTP there is a small but non-zero risk of MITM. And in order to avoid something like this from ever happening I'd like to also request that the images also be PGP-signed by the development team for improved security.