Download Mageia 5 dual DVD

$ # You need both iso and checksum file in the same folder
$ md5sum -c Mageia-5-dual-DVD.iso.md5
Mageia-5-dual-DVD.iso: OK 

$ sha1sum -c Mageia-5-dual-DVD.iso.sha1
Mageia-5-dual-DVD.iso: OK 

$ # You can also compare checksum directly from this web page without checksum file
$ md5sum Mageia-5-dual-DVD.iso
a7e50a7c59f74bd972bb3df840519994  Mageia-5-dual-DVD.iso 

$ sha1sum Mageia-5-dual-DVD.iso
d4fda6600188e701a967eefe271ffc4a02bf7df7  Mageia-5-dual-DVD.iso 

If checksums do not match, DO NOT use this ISO. Double-check and try to download again.

You can also verify the signature of an ISO. They are also available for download as files: Mageia-5-dual-DVD.iso.md5.gpg and Mageia-5-dual-DVD.iso.sha1.gpg. First you need to import the "Mageia Release" key from a PGP Public Key Server:

$ gpg --keyserver keyserver.ubuntu.com --recv-keys EDCA7A90

In response there should be one of the following lines:

gpg: key EDCA7A90: public key "Mageia Release <release@mageia.org>" imported

or if you already imported the key before:

gpg: key EDCA7A90: "Mageia Release <release@mageia.org>" not changed

Then you need to verify the signature for the ISO.

$ gpg --verify Mageia-5-dual-DVD.iso.sha512.gpg Mageia-5-dual-DVD.iso.sha512

In response there should be lines like:

gpg: Good signature from "Mageia Release <release@mageia.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: B210 76A0 CBE4 D93D 66A9  D08D 835E 41F4 EDCA 7A90

The warning about uncertified signature is expected.