No mention is made in the install section of the Gentoo Handbook (see the URL associated with this bug) of the fact that the LiveCD (and now PackageCD) ISOs are GPG-signed. There is a paragraph on checking MD5 sums. I suggest the following revision: In case you wonder if your downloaded file is corrupted or not, you can check its MD5 checksum and compare it with the MD5 checksum we provide (such as install-x86-minimal-2004.1.iso.md5). You can check the MD5 checksum with the md5sum tool under Linux/Unix or md5summer for Windows. + Another way to check the validity of the downloaded file is to use GnuPG to + verify the cryptographic signature that we provide (such as + install-x86-minimal-2004.1.iso.asc). Download the signature file, then obtain + our public key: + + gpg --keyserver pgp.mit.edu --recv-keys 19462D47 + + Now, verify the signature: + + gpg --verify install-x86-minimal-2004.1.iso.asc \ + install-x86-minimal-2004.1.iso.asc + + If the signature is good, you should see something like the following: + + gpg: Signature made Mon Apr 19 18:54:40 2004 EDT using DSA key ID 19462D47 + gpg: Good signature from "John Davis (Gentoo Linux Developer) <zhen@gentoo.org>" + gpg: aka "Gentoo Linux Release Enginneering <releng@gentoo.org>" To burn the downloaded ISO(s), you have to select raw-burning. How you do this is highly program-dependent. We will discuss a couple of popular tools on how to do this.
Fixed in CVS. Thanks for the quick diff :)
