Till Maas wrote: > It would also help to add an explanation about how to use the > *-CHECKSUM files within the checksum file, e.g. above the list of > sha256 checksums. Agreed. I asked Jesse Keating about this yesterday and he said he had a ticket opened to do so. > Btw. for F11 there was also SHA256 used to gpg sign the files, but I > do not know, why this was changed back to SHA1. I reopened a bug > report about it: https://bugzilla.redhat.com/show_bug.cgi?id=493126 This has to do with moving to sigul. Apparently it's a pain to use gpg config files with sigul, and that's the only way to set the sha256 preference (at least, gpgme and therefore pygpgme cannot do this without a config file). It is interesting to find just how many people conflate the PGP Hash header with the checksum used for the data in the *CHECKSUM files. Clearly, far too few people know much about PGP. :( -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Liberty is always dangerous, but it is the safest thing we have. -- Harry Emerson Fosdick
Attachment:
pgp2jCKbep272.pgp
Description: PGP signature
-- Fedora-websites-list mailing list Fedora-websites-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-websites-list
