Project

General

Profile

Feature #9043

Bug #7552: Firefox extension to automatically verify the ISO checksum

Bug #6851: Fix ISO verification using checksum

Feature #8849: Technical specifications for ISO verification extension

Check whether BitTorrent clients do proper hash verification

Added by sajolida about 4 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Installation
Target version:
-
Start date:
03/10/2015
Due date:
% Done:

0%

QA Check:
Feature Branch:
Type of work:
Research
Blueprint:
Starter:
Affected tool:
ISO Verification Extension

Description

If they do and if you get a correct .torrent file from our website, then basic ISO verification using checksum is not need. In such a case we could consider skipping the ISO verification extension for Torrent downloads.


Related issues

Related to Tails - Feature #8832: Assistant: Removing signature from Torrent Rejected 02/02/2015

History

#1 Updated by sajolida about 4 years ago

But on the other hand people also offer third-party torrent, like this one from DistroWatch http://distrowatch.com/weekly.php?issue=20150309#torrent :(

#2 Updated by sajolida about 4 years ago

  • Status changed from Confirmed to Resolved
  • Assignee deleted (sajolida)

I did two things but couldn't find any worrying news about that from the Internet:

  • A quick search using the keywords "bittorrent", "hash", "verification", "security", "implementation", etc.
  • A search for "hash" and "verif" in the archived and unarchived Debian bugs for `transmission`, `azureus`, `bittornado`, `deluge`, `ktorrent`, `qbittorrent`.

Only `rtorrent` had bugs about "hash" (three), the most serious being #348017, fixed in 2007.

So this seems to be handled quite seriously.

I'm very tempted to propose to the user to choose between:

  • Either using the Firefox extension (which will do checksum verification).
  • Either BitTorrent download (which does checksum verification as well).

#3 Updated by sajolida about 4 years ago

  • Related to Feature #8832: Assistant: Removing signature from Torrent added

Also available in: Atom PDF