12
ISO verification (lemmy.world)
submitted 6 months ago by bitahcold@lemmy.world to c/archlinux@lemmy.ml

Hello guys, I'm using Arch as a newbie. Learning about it. But worried about a thing. When I was creating the bootable media for install it, I downloaded the .iso and .iso.sig from any mirror that is near. I followed the things about verification of .iso but I got some errors and gave up. Just used the iso I didn't verificated. I am using the OS that iso installed. There is nothing wrong with usage. I can access all the things about Arch, not had any problems and any performance issues. No special internet usage, no broken things etc. but I'm a bit worried about is there any malicious software such as keyloggers, mining softwares... Can I verify my Arch after the installation? Can I see if there is any software malicious via htop-bpytop? Should I create the bootable media again with verification and reinstall my Arch?

you are viewing a single comment's thread
view the rest of the comments
[-] CameronDev@programming.dev 2 points 5 months ago

Using a theoretically backdoored OS to verify anything is pointless.

The backdoored OS can just bypass the checks.

https://wiki.c2.com/?TheKenThompsonHack

this post was submitted on 21 May 2024
12 points (92.9% liked)

Arch Linux

7761 readers
13 users here now

The beloved lightweight distro

founded 4 years ago
MODERATORS