[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: gpg checking downloads

Tom Horsley wrote:
> The torrents for the Fedora downloads include gpg signed
> checksum files (SHA1SUM for old releases, *-CHECKSUM for
> fedora 11 beta and wot-not).
> It would sure be handy to have instructions directly
> on the download pages that tell you how to actually
> verify the signature and check the checksums :-).

Well, the main get-fedora page does have a link to the verification
instructions┬╣ in the Resources block that is just to the right of the
download links.

The get-prerelease page doesn't have all of that detail, but I think
the general assumption is that the sort of folks who are comfortable
running the pre-releases are able to find their way to the
verification page (and to figure out the minor differences in
filenames and such between the F10 and F11 Beta release)

> Is this a good place to complain about that, or is
> another list or bugzilla component better?

See http://fedoraproject.org/wiki/Websites#Bugs

┬╣ https://fedoraproject.org/verify

Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
Honesty is the best policy, but insanity is a better defense.

Attachment: pgpONlRxrYNmR.pgp
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]