What is the "proper" way to verify, say, a 'hd-media' debian installer image? E.g.
> ftp://ftp.us.debian.org/debian/dists/jessie/main/installer-amd64/20150422/images/hd-media/boot.img.gz I did find a way to 'manually' verify it, using the SHA256 checksum in > ftp://ftp.us.debian.org/debian/dists/jessie/main/installer-amd64/20150422/images/SHA256SUMS and in turn verifying the checksum of this SHA256SUMS file found in the jessie Release file (the same one that's gpg-verified by APT). I feel like I'm missing something, though. Is there some tool (part of APT, maybe?) that I'm supposed to use to fetch and verify files from this corner of the archive? Thanks! Have a great one, Daniel Gnoutcheff (P.S. please CC, not subscribed)
signature.asc
Description: OpenPGP digital signature
