Fedora 12 i386 DVD ISO Checksum File
Ricky Zhou
ricky at fedoraproject.org
Thu Nov 19 19:37:50 UTC 2009
On 2009-11-19 01:47:39 PM, Stewart Todd Morgan wrote:
> I am not sure if this is a developer issue or a website issue, so
> please forward it to the appropriate party. I downloaded the i386
> Fedora 12 ISO and downloaded the
> https://fedoraproject.org/static/checksums/Fedora-12-i386-CHECKSUM
> file from https://fedoraproject.org/en/verify. The hash in the
> checksum file is marked as SHA1, but the checksum actually appears to
> be an SHA256 checksum (according to the instructions on the web page
> and when I use sha256sum against the ISO). Some folks may be
> confused by the SHA1 marker in the checksum file, particularly if
> they don't both to read the instructions on the web page.
This is a common misconception. The Hash: SHA1 line is part of the
PGP signature. It has no relation to the sha256 checksum data in the
*-CHECKSUM files. https://fedoraproject.org/verify has details on how
to verify downloads and does point out that sha256sum is what should
be used.
We're discussing ways to make this clearer in future releases so that
folks don't mistake the PGP Hash header as the hash used for the .iso
images.
Thanks,
Ricky
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-websites-list/attachments/20091119/b696ec43/attachment.sig>
More information about the Fedora-websites-list
mailing list