On 2009-11-19 01:47:39 PM, Stewart Todd Morgan wrote:
> I am not sure if this is a developer issue or a website issue, so
> please forward it to the appropriate party. I downloaded the i386
> Fedora 12 ISO and downloaded the
> https://fedoraproject.org/static/checksums/Fedora-12-i386-CHECKSUM
> file from https://fedoraproject.org/en/verify. The hash in the
> checksum file is marked as SHA1, but the checksum actually appears to
> be an SHA256 checksum (according to the instructions on the web page
> and when I use sha256sum against the ISO). Some folks may be
> confused by the SHA1 marker in the checksum file, particularly if
> they don't bother to read the instructions on the web page.

This is a common misconception. The Hash: SHA1 line is part of the PGP signature. It has no relation to the sha256 checksum data in the *-CHECKSUM files. https://fedoraproject.org/verify has details on how to verify downloads and does point out that sha256sum is what should be used.

We're discussing ways to make this clearer in future releases so that folks don't mistake the PGP Hash header as the hash used for the .iso images.

Thanks,
Ricky
--
Fedora-websites-list mailing list
Fedora-websites-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-websites-list
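
The distinction drawn in the reply above, as an added example that is not part of the original thread or Fedora's own tooling: it separates the clearsign armor header (Hash: SHA1) from the signed checksum lines and infers the checksum algorithm from the digest length. The file name, image bytes and signature placeholder are constructed, and the PGP signature itself is not checked here (that is gpg's job).

```python
import hashlib
import re

# Hex digest length -> algorithm; identifies what a checksum line really holds.
HEXLEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

def parse_clearsigned(text):
    """Return (armor_headers, body_lines) of an OpenPGP clearsigned message."""
    lines = text.splitlines()
    i = lines.index("-----BEGIN PGP SIGNED MESSAGE-----") + 1
    end = lines.index("-----BEGIN PGP SIGNATURE-----")
    headers = {}
    while lines[i].strip():  # armor headers end at the first blank line
        key, _, value = lines[i].partition(": ")
        headers[key] = value
        i += 1
    # Signed body; undo the "- " dash-escaping that clearsigning applies.
    body = [l[2:] if l.startswith("- ") else l for l in lines[i + 1:end]]
    return headers, body

def checksum_entries(body):
    """Map file name -> (algorithm inferred from digest length, hex digest)."""
    entries = {}
    for line in body:
        m = re.fullmatch(r"([0-9a-fA-F]+) [ *](.+)", line)
        if m and len(m.group(1)) in HEXLEN_TO_ALGO:
            algo = HEXLEN_TO_ALGO[len(m.group(1))]
            entries[m.group(2)] = (algo, m.group(1).lower())
    return entries

def verify(data, name, entries):
    """Hash data with the algorithm the checksum line implies and compare."""
    algo, expected = entries[name]
    return hashlib.new(algo, data).hexdigest() == expected

# Constructed sample: same layout as a clearsigned checksum file, made-up contents.
SAMPLE_NAME = "example-image.iso"
SAMPLE_DATA = b"constructed stand-in for ISO contents\n"
SAMPLE_FILE = "\n".join([
    "-----BEGIN PGP SIGNED MESSAGE-----", "Hash: SHA1", "",
    hashlib.sha256(SAMPLE_DATA).hexdigest() + " *" + SAMPLE_NAME,
    "-----BEGIN PGP SIGNATURE-----", "",
    "(signature data omitted in this constructed sample)",
    "-----END PGP SIGNATURE-----"])

if __name__ == "__main__":
    headers, body = parse_clearsigned(SAMPLE_FILE)
    entries = checksum_entries(body)
    print("signature digest (armor header):", headers["Hash"])
    print("checksum algorithm (digest length):", entries[SAMPLE_NAME][0])
    print("image matches:", verify(SAMPLE_DATA, SAMPLE_NAME, entries))
```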