To expand on what sunrat shared, since you already have the Debian 11 installation iso, simply verifying that it is untampered with by running a checksum you can ascertain that it is indeed safe. You don't need to trust the download source at all, in this case.
The --ignore-missing switch will have sha512sum skip hashes for iso files that you haven't downloaded, providing a clean and simple readout. sha512/sha256 interchangeable depending on the hash sums file you have available.
Further, we probably want a degree of trust that the signer of the hash sums file is indeed one of the Debian signing keys.
Make sure the key fingerprint matches one of the fingerprints posted up at Verifying authenticity of Debian images.
Code:
sha512sum -c --ignore-missing SHA512SUMSFurther, we probably want a degree of trust that the signer of the hash sums file is indeed one of the Debian signing keys.
Code:
gpg --no-default-keyring --keyring /usr/share/keyrings/debian-role-keys.gpg --verify SHA512SUMS.signStatistics: Posted by Uptorn — 2024-05-15 18:06 — Replies 2 — Views 51