On Fri, 2011-01-21 at 10:41 +1030, Tim wrote: > On Thu, 2011-01-20 at 11:22 -0500, MÃirÃn Duffy wrote: > > From talking to numerous novice users in the design of the site I'm > > not convinced that a checksum file is something that novice users are > > aware of or much concerned about. > > Ignorance is no excuse, as they old saying goes, and it's something that > needs brought to their attention, with the full how and why. > > > The main download link points directly to Fedora's main server, not a > > mirror, so they'd be downloading the checksum from the same source as > > the payload anyway. > > And the non-main download links...? Novice users most likely won't use those. > It was always the recommendation, before, to not download from the main > site, to spread the load around the mirrors. Yeh, it was our intention to have mirror manager generate a URL for those download buttons that made the most sense given geographical location, but that got dropped due to not having the time. It would be worth bringing up again. > > > When you burn the iso to media it has a built-in media check as well > > which would protect against corruption > > Only against corruptions at that point, not against malicious damage. > If someone's capable of releasing a compromised ISO, they're capable of > making it claim to pass its own self checks. Agreed completely, I was just pointing out that if media corruption was a concern the checksums addressed that there was another way (as ignored as it typically is) to complete that without the checksums. It doesn't replace assurances against malicious tampering for sure. ~m -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines