how do I verify that the the checksum is correct?
Todd Zullinger
tmz at pobox.com
Sat Feb 3 04:12:14 UTC 2007
Michael A. Peters wrote:
> But it is always a good idea to verify checksum independent of the
> download agent.
>
> sha1sum is what Fedora (and I believe the Fedora respins) use.
> There will be a file you can download from Fedora or the respin
> community that has the sha1dum in it. Put it is the same directory
> as the downloaded iso. Then use sha1sum with the checksum file as
> the arguement, and it will verify that what you have is genuine.
Also worth noting is that the SHA1SUM file is signed using GPG (at
least for the official Fedora .isos). While checking the sha1sum will
assure you that the .iso downloaded completely, only by checking the
GPG signature can you be assured that the .iso is the official one
created by the Fedora project.
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
======================================================================
Life is the art of drawing without an eraser.
-- John Gardner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20070202/78b0b9b0/attachment-0001.sig>
More information about the fedora-list
mailing list