We have to design the recommended procedure to validate the integrity of the downloaded image.
Considering the way the checksums are stored on ftp.a.o and mirrors, the simplest way is just to put SHA1 sum (and, possibly, MD5 sum) of the image onto the download page. This would involve considerable redesign of the links list.
We also need an instruction describing how to download the checksum files and verify them against release manager's GPG key. It should be put somewhere (altlinux.org?) and we should add a link to it.
We have to design the recommended procedure to validate the integrity of the downloaded image.
Considering the way the checksums are stored on ftp.a.o and mirrors, the simplest way is just to put SHA1 sum (and, possibly, MD5 sum) of the image onto the download page. This would involve considerable redesign of the links list.
We also need an instruction describing how to download the checksum files and verify them against release manager's GPG key. It should be put somewhere (altlinux.org?) and we should add a link to it.