MD5 checksums for images

David Pottage david at
Tue Jan 13 10:04:34 CET 2009

On Mon, January 12, 2009 9:13 pm, Rui Miguel Silva Seabra wrote:
> On Mon, Jan 12, 2009 at 06:46:35PM +0100, Fernando Martins wrote:
>> I've downloaded images for om2008.12, FSO and SHR and something that
>> puzzles me is the lack of MD5 checksums on these repositories. The sums
>> would just take a couple of minutes to put there, so I'm wondering if
>> there is some other check going on by dfu before flashing??
> Whoever cares about MD5 checksums, nowadays, is putting up a farse, at
> least demand SHA256 ;)

The point of MD5 checksums is to check for download errors, truncated
files or the repository maintainer uploading the wrong file somehow.

It is not to protect us from black hats who might somehow replace a
correct image with a malware infected one. (If they are able to do that,
they can replace the md5sums file a the same time).

Anyway, MD5 sum checking is done automaticaly in many tools, and most
people are familiar with the commands to check MD5 sums, so if the images
come with MD5 sums they will be checked easily. If they come with another
sort of checksum, it will be harder to check, for no real benefit.

David Pottage

Error compiling committee.c To many arguments to function.

More information about the community mailing list