Michael A. Peters wrote:
> But it is always a good idea to verify checksum independent of the
> download agent.
>
> sha1sum is what Fedora (and I believe the Fedora respins) use.
> There will be a file you can download from Fedora or the respin
> community that has the sha1dum in it. Put it is the same directory
> as the downloaded iso. Then use sha1sum with the checksum file as
> the arguement, and it will verify that what you have is genuine.
Also worth noting is that the SHA1SUM file is signed using GPG (at
least for the official Fedora .isos). While checking the sha1sum will
assure you that the .iso downloaded completely, only by checking the
GPG signature can you be assured that the .iso is the official one
created by the Fedora project.
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
======================================================================
Life is the art of drawing without an eraser.
-- John Gardner
Attachment:
pgp2bV7wkAzTs.pgp
Description: PGP signature
