Version: (using KDE Devel) Installed from: Compiled sources When K3B calculates an MD5 checksum, it would be good to verify these against some kind of "authoritative source". For example, when burning ISOs of various distributions, the name is unique enough that the MD5 sums could be checked against a master list. There is a similar wishlist item for recording MD5s - see bug: 77432 (http://bugs.kde.org/show_bug.cgi?id=77432) However I'm more interested in cases where the ISO was already prepared. Naturally the MD5s need to come from somewhere. I envisage that K3B would ship with some of them, and others would be made available using KNewStuff.
I disagree with the use of knewstuff, because it will create a lot of work to keep track even of all the images in one central place since we then need to be sure that the md5 sums there are valid. Furthermore, this is generally not what is done for ensuring that images are what they claim to be. There is however a lot of merit in the idea of an authoritative source. The way this is done is by providing the image a .md5 and a .md5.asc file. The best way of not unloading work on a knewstuff maintainer is to do two things: 1) use the external .md5 file 2) integrate gpg/kgpg in order to verify the .md5 file
*** Bug 126441 has been marked as a duplicate of this bug. ***
Just an idea: It would yet be great check if MD5SUMS exists in the directory where the .iso is, and check against this.
a patch someone? ;)