Make Sure That the Original File has Not Been Messed With
You need to be cautious when downloading any software from the internet. Because open source software is free, and others are free to distribute it, many web sites make open source software available for download.
Software May be Modified
It is possible for open source software to be modified to include unwanted, security-compromising features, or to be bundled with malicious software such as a virus or other malware.
Verify the Integrity
To let you verify the integrity of a file, open source software sites provide a verification code called a checksum (also called a file digest or, in technical terms, an MD5 checksum, hash or SHA1 hash). For example, the OpenOffice installation instructions say "To check the integrity of the file that you have downloaded, please refer to the md5sums linked from the download page".
md5deep
md5deep is a free, open source program that lets you check file integrity. You can download md5deep free from here. Please note that this is a command line program. Once you have downloaded the software you want to check, run md5deep on the file to generate its checksum. If it matches the one provided by the web site, then you can be sure that the file has not been modified.
However, be aware that you can check file integrity only if the web site of the software that you are downloading provides the MD5 checksum value.
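The comparison described above, as an added example that is not part of the original page: it uses Python's hashlib instead of md5deep, reads a published md5sums-style list, and reports whether the downloaded file matches, differs, or has no published value. The function names, the file name installer.bin and the sample list are constructed for illustration.

```python
import hashlib
import hmac
import os
import re
import tempfile

# md5sum-style line: hex digest, a space, ' ' (text) or '*' (binary), then the file name.
LINE_RE = re.compile(r"([0-9a-fA-F]{32}|[0-9a-fA-F]{40}) [ *](.+)")
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1"}  # the two digest types the page names

def parse_checksum_list(text):
    """Return {file name: lowercase hex digest}; lines that do not parse are skipped."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if m:
            entries[os.path.basename(m.group(2))] = m.group(1).lower()
    return entries

def file_digest(path, algo):
    """Hash the file in 1 MiB chunks so a large installer need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_download(path, checksum_text):
    """Return 'match', 'mismatch' or 'not listed' for the downloaded file."""
    expected = parse_checksum_list(checksum_text).get(os.path.basename(path))
    if expected is None:
        return "not listed"  # no published value for this file, so nothing to compare
    actual = file_digest(path, ALGO_BY_HEX_LEN[len(expected)])
    return "match" if hmac.compare_digest(actual, expected) else "mismatch"

if __name__ == "__main__":
    # Constructed sample: a stand-in download and the list a site might publish for it.
    published = "900150983cd24fb0d6963f7d28e17f72  installer.bin\n"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "installer.bin")
        with open(path, "wb") as f:
            f.write(b"abc")
        print(verify_download(path, published))   # unmodified file
        with open(path, "ab") as f:
            f.write(b"!")
        print(verify_download(path, published))   # one byte appended
```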
Please read our Precautions FAQ before downloading.