Aldo Foot wrote: > The filename "Fedora-11-i386-CHECKSUM" is arbitrary. You can call it > anything you want as long as it has the contents of the GPG key > provided by the distro[1], just click on the checksum link and copy > its contents to a text file. > > [1] http://mirrors.kernel.org/fedora/releases/11/Fedora/i386/iso/ At the risk of causing more confusion, I don't think that's correct. The contents of the GPG key are _not_ included in the *CHECKSUM files. The contents are the sha256sum hashes of the files in release, and they are signed with gpg so that you can first verify that the CHECKSUM file came from the Fedora Project and then feel confident using the file to verify the checksums of the .iso files. The steps to do this are covered at https://fedoraproject.org/verify . -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Life swings like a pendulum backward and forward between pain and boredom. -- Arthur Schopenhauer
Attachment:
pgpi8PzfNm8RL.pgp
Description: PGP signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines