MD5 sums for new CVS packages

Gerard Beekmans gerard at
Fri Jan 3 03:38:03 PST 2003

On January 3, 2003 02:21 am, Carsten Gehrke wrote:
> Hmm, my concern was actually that I wanted to make sure the files had not
> been tampered with.  I think I got everything from, but couldn't
> find any PGP/GPG signatures there.  MD5 fingerprints on the same server are
> worthless.  If obtained from a different source, they are better than
> nothing.  Otherwise, I wait about a week to see if any reports of
> compromises occur.  For some packages, I have contacted the author
> directly, but in this case there are too many.  I was hoping someone here
> on the list might have copies of these files and could run MD5 on them.

I got the source from too so it doesn't mean much if the packages
were compromised. And I repack all downloaded packages (often they're not
.bz2 yet) so MD5SUMS are different. All I can do is download the stuff
from and give you the MD5SUMS as I download them but that doesn't give
you much of a guarantee, does it?

Gerard Beekmans

-*- If Linux doesn't have the solution, you have the wrong problem -*-
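
Added example (not part of the original message, and not LFS project code): repacking a package to .bz2 changes the archive's checksum, but a repacked copy can still be compared with the original download by hashing the decompressed tar stream instead. gzip as the original format, SHA-256 in place of the thread's MD5, and all file names and contents are assumptions constructed for illustration.

```python
import bz2
import gzip
import hashlib
import io
import tarfile

# Magic bytes -> decompressor. The thread names only .bz2; gzip is assumed
# here as the format the package was originally downloaded in.
DECOMPRESSORS = {b"\x1f\x8b": gzip.decompress, b"BZh": bz2.decompress}


def tar_stream(package: bytes) -> bytes:
    """Return the uncompressed tar stream inside a .tar.gz or .tar.bz2."""
    for magic, decompress in DECOMPRESSORS.items():
        if package.startswith(magic):
            return decompress(package)
    return package  # assume it is already a plain .tar


def digests(package: bytes, algo: str = "sha256") -> tuple[str, str]:
    """Digest of the file as stored, and of the tar stream it contains."""
    return (hashlib.new(algo, package).hexdigest(),
            hashlib.new(algo, tar_stream(package)).hexdigest())


def same_payload(a: bytes, b: bytes) -> bool:
    """True if two packages carry byte-identical tar streams."""
    return digests(a)[1] == digests(b)[1]


def make_tar(files: dict[str, bytes]) -> bytes:
    """Build a small tar in memory (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample: an "upstream" .tar.gz, a .bz2 repack, a modified copy.
ORIGINAL = make_tar({"pkg-1.0/configure": b"#!/bin/sh\necho ok\n"})
UPSTREAM_GZ = gzip.compress(ORIGINAL)
REPACKED_BZ2 = bz2.compress(ORIGINAL)
MODIFIED_BZ2 = bz2.compress(make_tar({"pkg-1.0/configure": b"#!/bin/sh\necho no\n"}))

if __name__ == "__main__":
    for label, pkg in [("upstream .gz", UPSTREAM_GZ), ("repack .bz2", REPACKED_BZ2),
                       ("modified .bz2", MODIFIED_BZ2)]:
        print(label, *digests(pkg))
```

A match only shows that the repack carries the same bytes as the download; as the thread says, it is no guarantee unless the reference digest came from a separate source.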