i download and installed ( manjaro-kde-20.1.2-201019-linux58.iso) but after using it a few weeks i tried to verify the sha1 and it did not match the official sha1 provided in the download folder
is it possible that i downloaded and installed a prehacked iso?
if so what my actions should be?
ps:
my sha1 : 85d64290fa50aee4082e75bd604cc0b78a924a7b
official sha1 : 17e909dbf3001b8bee1834e8a90de3799343cc7b
The checksum serves the primary purpose of ensuring the downloaded file is complete by comparing checksum generated at deploy time with the checksum of the downloaded file.
It can happen the maintainer forget to generate new checksum and just uploading the new ISO.
If the ISO was downloaded from Manjaro poject at OSN and the checksum do not match and the ISO works as expected then it is most likely a human error.
On the other hand - if you did not download from Manjaro project and checksum do not match then you have reason for concern.
You can double check using the signature file located in the same folder.
Just downloaded that image, checksum matches the one on the site, signature is valid.
Maybe your download was faulty?
Eg. Some parts of it had errors while downloading using a web browser.
I keep seeing people complaining about the SHA1 sum. I’m going to assume the last person to update the download links failed to update any of the sums.
I am responding in-line, as it is on topic.
I recently downloaded the Gnome 21.0.5 iso from the official manjaro site whilst using proton VPN. The SHA1 was incorrect after multiple attempts. I then disconnected from the VPN and retried which solved the issue.
Just wondering what the reason for this may be, and if this can be expected when running through a VPN.