Verifying Purchased DVDs

CRhode's picture


I have a shiny new set of three Wheezy DVDs (no packing instructions). Each has its own *md5sums* text file, and I'm able to verify that against the DVD contents, so the media is in good condition.

How may I verify that the *md5sums* files are the right ones?

I suppose the way to do this is from an independent source. The only things I've found online are the *.iso files for the DVDs and their associated *md5sum*, et al, files and *.sign files, not the *md5sums.sign* files for the *md5sums* for the DVD(s) components.

Should I *dd* the media surface to reconstruct the *.iso from the media and expect to run a valid checksum on that? (And forget the *.sign verification?)

Or does the Debian Installer actually call home to verify checksums of DVD components automatically? (And how do I know I have a valid installer?)

We are all paranoid now (Aren't we?) about weaponized exploits that our elected government(s) are deploying on our very own desktops, so I would think that more caution is warranted now than ever before.

Maybe I should trust the Debian DVD publisher?

Rhetorical question (Please answer for extra credit.): Why don't the Debian developers spoon-feed the verification procedures to the user base? I would think one short script would cover most situations.