[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Is this the real Fedora 11? I ask because of the file dates...



Fernando Cassia wrote:
> I was answering to the user on this list. I wasn´t suggesting that
> Red Hat or Fedora.org points to that blog.

:)  I'd still hesitate to recommend it here.  If you trust a binary
provided by some random blogger's site, why not trust the .iso files
from a random mirror?

> Surely. I just compiled a win32 version ofa a GPL linux utility with
> Cygwin minutes ago.

Of course, we'd want to not require Cygwin, but compile a native Win32
executable.  But yeah, you get the idea.

I've got very little interest in Windows, so I'm not likely to take
this tangent.  If you (or anyone else here) happen to feel like
spending a little time, it might be worth opening a ticket against the
webmaster component with instructions on how to build a native
sha256sum.exe in Fedora.

https://fedorahosted.org/fedora-infrastructure/

Or, mail webmaster fedoraproject org 

I do think it could be a helpful thing to do.  It just needs someone
that cares a bit about it to follow up on it. :)

>> What about https://fedoraproject.org/verify ?
>
> That would be nice. But also, a text file on the file repositories
> explaining the files verification process would be nice.
>
> Call me old-fashioned, but I´m used  to the time when every FTP site
> had a "00_index.txt" file contained a "ls -lR" of the whole file
> tree and also a README file on each folder explaining what was in
> there.

That comes from a time when people spent more time just poking around
FTP sites.  These days, I doubt many people downloading a Fedora .iso
stumbled on it that way.  They are far more likely to have followed a
link from the Fedora website, which also has links to the verify page.

> Likewise, including a tiny text file alongside the iso images would
> help answer the obvious question to someone whom has just downloaded
> the file(s) "Great, now how do I verify these images are OK?".

Adding a text file means keeping track of the same instructions in yet
another place, which means when the process changes we could easily
end up with outdated instructions.  I think people that are serious
about verifying their .iso will take the time to follow the web links
to the verify page and will appreciate that they can use https to do
so.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Grant me the senility to forget the people I never liked anyway, the
good fortune to run into the ones I do, and the eyesight to tell the
difference.

Attachment: pgpvOtMvvoX8X.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]