Hi Andrew, Andrew W. Hagen wrote: > Hello, I was just downloading Fedora off your site. I tried to > verify the download. The downloads did not verify. For example, > > Fedora-12-i386-DVD.iso > > as downloaded has a SHA-1 checksum of > > 0dc8ed436f0b44874454a379e8de5ad057c0115d > > but under the verify section, > > https://fedoraproject.org/static/checksums/Fedora-12-i386-CHECKSUM > > you say that its "SHA-1" checksum is > > f0ad929cd259957e160ea442eb80986b5f01daaffdbcc7e5a1840a666c4447c7 > > As you can see, the two checksums don't even have the same length. > > The checksum you posted does match the SHA-256 checksum of the file, > however. > > If you post SHA-256 checksums, and not SHA-1 checksums please note > that. It will save people time. Thank you. There is a large note on https://fedoraproject.org/verify about this: Please note that the Hash: SHA1 line in the CHECKSUM file is part of the PGP signature. It does not specify the type of hash used to verify the .iso files. Many people are confused by this and we plan to include text in the CHECKSUM files themselves for future releases to make it clearer. Thanks, -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A budget is just a method of worrying before you spend money, as well as afterward.
Attachment:
pgpalxh4PKrrG.pgp
Description: PGP signature
-- websites mailing list websites@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/websites
