On 2009-11-19 01:24:00 PM, V Stuart Foote wrote: > The posted checksums to verify ISOs for at least the i386 ISOs > suggests the Hash is SHA1, but the value is SHA256 for the > Fedora-12-i386-DVD.iso, suspect they may all be SHA256 > > https://fedoraproject.org/en/verify > > https://fedoraproject.org/static/checksums/Fedora-12-i386-CHECKSUM > > Probably should correct the mislabeled entry(s). This is a common misconception. The Hash: SHA1 line is part of the PGP signature. It has no relation to the sha256 checksum data in the *-CHECKSUM files. https://fedoraproject.org/verify has details on how to verify downloads and does point out that sha256sum is what should be used. We're discussing ways to make this clearer in future releases so that folks don't mistake the PGP Hash header as the hash used for the .iso images. Thanks, Ricky
Attachment:
pgp3rLyyaPJIV.pgp
Description: PGP signature
-- Fedora-websites-list mailing list Fedora-websites-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-websites-list
