| Summary: | Verify all images instead of only selected distro images | ||
|---|---|---|---|
| Product: | [Applications] isoimagewriter | Reporter: | gudvinr+kde |
| Component: | general | Assignee: | Jonathan Riddell <jr> |
| Status: | REPORTED --- | ||
| Severity: | wishlist | ||
| Priority: | NOR | ||
| Version First Reported In: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Arch Linux | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed/Implemented In: | ||
| Sentry Crash Report: | |||
|
Description
gudvinr+kde
2023-08-29 23:34:14 UTC
Alas every distro does it differently, I couldn't find any consistent pattern. One could try to make an attempt at all verification methods for a given ISO but I'm not sure how useful that would be Hard coding for limited set of images is a terrible solution. It's not sustainable simply because maintainers can switch to other verification methods at any time. Also has zero scalability because each and every change requires to rebuild an app. I am suggesting opposite of trying to find any kind of pattern across distro images simply because verification process has nothing to do with ISO and doesn't care about content of the file. And FILE verification (as opposed to ISO verification) more often than not follows quite strict rule since utils that produce hashes have pretty standard output format (sha256sum, md5sum, etc). So, there's no need to guess and if file with given pattern exist then use it. If it doesn't then allow user to provide some sort of signature. |