F12 checksum is sha256 not sha1
Todd Zullinger
tmz at pobox.com
Wed Nov 18 01:36:17 UTC 2009
Hi Fahad,
FAD Linux wrote:
> I just want to mention that the checksum file has the type of hash
> as SHA1 while it is actually SHA256.
>
> https://fedoraproject.org/static/checksums/Fedora-12-i386-CHECKSUM
> ----------------------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
The 'Hash: SHA1' line is part of the GPG signature. It has nothing to
do with the type of checksum used in the *-CHECKSUM files. Many
people mistakenly assume that it does, unfortunately. Perhaps we need
to make that clear on the /verify page so folks don't make the flawed
assumption that these things are related?
If you follow the documentation on https://fedoraproject.org/en/verify
all is well, as the page explicitly states that the sha256sum command
is what should be used -- and those instructions are correct.
Thanks for checking though.
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The problem with politics isn't the money; it's the power.
-- Harry Browne
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-websites-list/attachments/20091117/4bd48d39/attachment.sig>
More information about the Fedora-websites-list
mailing list