Hello, dear Fedora community! I have downloaded Fedora Everything netinst from CLOSEST MIRRORS. I do not know what are these mirrors, but there are closest, at least these anaconda noticed. What is the probability that I have caught viruses? Before installing, I have checked my checksum and I have downloaded Fedora Everything netinst from alt.fedoraproject.com. I think my checksum is normal. But anyway, how are fedora CLOSEST MIRRORS safe enough?
If you downloaded a bad image the checksum will not match and you know not to trust the image.
If the checksum does match then the mirror provided you the same image that Fedora released and signed.
1 Like
Each and every package downloaded from any mirror are signed by a Fedora gpg certificate. Therefore you can know that the package are built by Fedora and nothing could have tampered with it.
2 Likes
I have downloaded netinst iso from alt.fedoraproject.org. Then I have started installing and noticed that Anaconda chose CLOSEST MIRRORS for downloading packages. I could not to see these CLOSEST MIRRORS. And I do not know are they safe or not. As I have understood, my checksum is normal.
Is the checksum is correct you have nothing to worry about.
All the mirrors are believed to be good.
1 Like
Anyway, all images (iso) on fedoraproject.org and alt.fedoraproject.org are safe and have normal checksum, right?
And one more question about Fedora Workstation and Spins. Do Fedora Workstation and Spins, like sway download packages from CLOSEST MIRRORS as netinst do it, or Fedora developers add specific config in workstation and spins for downloading packages from official site or something like that?
The installation doesn’t get anything from the internet, but after installation you should update your system, and that involves downloading packages from the nearest mirror.
1 Like