Hi Robert, Robert McIntyre wrote: > I am using HasCalc and I believe that your web page: > https://fedoraproject.org/static/checksums/Fedora-12-i386-CHECKSUM > > Provides invalid information. The hash below is a SHA256 Vice a SHA1 > as stated in the quote below from your > https://fedoraproject.org/static/checksums/Fedora-12-i386-CHECKSUM > web page Pleas advise if I am correct. The Hash: SHA1 line in the checksum file is part of the PGP signature. It has no relation to the data that is signed (which is indeed a SHA-256 checksum of the Fedora ISO images). This is a very common misconception. The main verification page at https://fedoraproject.org/verify even contains a very bold note at the top: "Please note that the Hash: SHA1 line in the CHECKSUM file is part of the PGP signature. It does not specify the type of hash used to verify the .iso files." For future releases, the plan is to add further instructions directly to the checksum files to try and minimize such confusion. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Don't take life seriously, you'll never get out alive.
Attachment:
pgpqAQrrjKHOu.pgp
Description: PGP signature
-- Fedora-websites-list mailing list Fedora-websites-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-websites-list
