F12 checksum is sha256 not sha1
Todd Zullinger
tmz at pobox.com
Wed Nov 18 13:18:37 UTC 2009
Till Maas wrote:
> It would also help to add an explanation about how to use the
> *-CHECKSUM files within the checksum file, e.g. above the list of
> sha256 checksums.
Agreed. I asked Jesse Keating about this yesterday and he said he had
a ticket opened to do so.
> Btw. for F11 there was also SHA256 used to gpg sign the files, but I
> do not know, why this was changed back to SHA1. I reopened a bug
> report about it: https://bugzilla.redhat.com/show_bug.cgi?id=493126
This has to do with moving to sigul. Apparently it's a pain to use
gpg config files with sigul, and that's the only way to set the sha256
preference (at least, gpgme and therefore pygpgme cannot do this
without a config file).
It is interesting to find just how many people conflate the PGP Hash
header with the checksum used for the data in the *CHECKSUM files.
Clearly, far too few people know much about PGP. :(
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Liberty is always dangerous, but it is the safest thing we have.
-- Harry Emerson Fosdick
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-websites-list/attachments/20091118/62b15b1b/attachment.sig>
More information about the Fedora-websites-list
mailing list