On Tue, 2 Dec 2008, Máirín Duffy wrote:
> Till Maas wrote:
> > On Tue December 2 2008, Máirín Duffy wrote:
> > > Ricky Zhou wrote:
> > > > 22:10 < ricky> Somebody suggested that we have a link to
> > > > http://fedoraproject.org/verify on the get-fedora pages. I wonder where
> > > > that should go... 22:10 < ricky> Hopefully, we can make it fit in with
> > > > the friendliness of the page, if you know what I mean
> > > Before we add another link to the page, can we get a bit more of the
> > > context on how users are expected to interact with these sums? How often
> > > do users typically use these?
> >
> > Everytime users download a new iso image, they should verify it using the
> > SHA1SUM file to ensure that nobody tampered it.
>
This one's a two fold thing. The number of people that have access to
publish an iso as well as alter the verify page is actually very small (on
purpose).
I think this is one of those dirty little secrets where we publish the
information to keep ourselves safe but no one ever uses it. I'm not sure
if its because they don't care or don't know.
-Mike
--
Fedora-websites-list mailing list
Fedora-websites-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-websites-list
