> Did you take a look here: https://www.debian.org/CD/verify , "Verifying authenticity of Debian CDs"?
Yes I did. It's incredibly confusing. It's written with assumed knowledge that a lot of users don't have. There are lots of hex strings with mysterious 3 letter abbreviations and no commands in sight. (And I don't even consider myself a novice.)

Thanks Thomas, your explanation helps, let's see how I go.

> The https protocol would add quite some overhead to the download of the iso-files

Well we could have it on just the checksums files, that would be a negligible overhead. Checking a single checksum based on an https page seems far easier than verifying a file to verify a file to verify a file...

Regards
Matt

(Sorry about the lack of pleasantries in my previous email. I haven't used these sorts of mailing lists before, so I just assumed it was all about going straight to business like on Stack Exchange.)