Fernando Cassia wrote: > I was answering to the user on this list. I wasn´t suggesting that > Red Hat or Fedora.org points to that blog. :) I'd still hesitate to recommend it here. If you trust a binary provided by some random blogger's site, why not trust the .iso files from a random mirror? > Surely. I just compiled a win32 version ofa a GPL linux utility with > Cygwin minutes ago. Of course, we'd want to not require Cygwin, but compile a native Win32 executable. But yeah, you get the idea. I've got very little interest in Windows, so I'm not likely to take this tangent. If you (or anyone else here) happen to feel like spending a little time, it might be worth opening a ticket against the webmaster component with instructions on how to build a native sha256sum.exe in Fedora. https://fedorahosted.org/fedora-infrastructure/ Or, mail webmaster fedoraproject org I do think it could be a helpful thing to do. It just needs someone that cares a bit about it to follow up on it. :) >> What about https://fedoraproject.org/verify ? > > That would be nice. But also, a text file on the file repositories > explaining the files verification process would be nice. > > Call me old-fashioned, but I´m used to the time when every FTP site > had a "00_index.txt" file contained a "ls -lR" of the whole file > tree and also a README file on each folder explaining what was in > there. That comes from a time when people spent more time just poking around FTP sites. These days, I doubt many people downloading a Fedora .iso stumbled on it that way. They are far more likely to have followed a link from the Fedora website, which also has links to the verify page. > Likewise, including a tiny text file alongside the iso images would > help answer the obvious question to someone whom has just downloaded > the file(s) "Great, now how do I verify these images are OK?". Adding a text file means keeping track of the same instructions in yet another place, which means when the process changes we could easily end up with outdated instructions. I think people that are serious about verifying their .iso will take the time to follow the web links to the verify page and will appreciate that they can use https to do so. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Grant me the senility to forget the people I never liked anyway, the good fortune to run into the ones I do, and the eyesight to tell the difference.
Description: PGP signature