Rahul Sundaram wrote: > On 11/18/2009 01:10 PM, susmit shannigrahi wrote: >> Can you please help with this? >> Thanks. >> >> ---------- Forwarded message ---------- >> From: Jeff Shepherd >> Date: Wed, Nov 18, 2009 at 1:07 PM >> Subject: [Fedora-freemedia-list] SHA1 vs SHA256... >> To: fedora-freemedia-list@xxxxxxxxxx >> >> >> Is it just me, or are the checksums to verify the Fedora 12 discs >> incorrectly listed here on these pages: >> >> https://fedoraproject.org/static/checksums/Fedora-12-i386-CHECKSUM >> https://fedoraproject.org/static/checksums/Fedora-12-x86_64-CHECKSUM > > Refer to > > https://www.redhat.com/archives/fedora-test-list/2009-November/msg00820.html I think that thread is talking about some other page than the one that confused Jeff. In particular, this thread refers to changing some string value on a page from "SHA1" to "SHA256." 1. If you alter a GPG-signed message, you've just screwed the signature, since most of the value of the signature comes from being able to verify that no one has changed the message. 2. Maybe it hasn't replicated, but I still see "SHA1" when I look at the pages Jeff referenced. And BTW that's a good thing. Or am I the one confused? I'm looking at only those pages Jeff lists above. _______________________________________________ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
