SHA1 and 256 (again) :)

Adam Williamson awilliam at
Wed Nov 18 22:13:55 UTC 2009

On Thu, 2009-11-19 at 02:26 +0530, Rahul Sundaram wrote:
> On 11/19/2009 02:20 AM, Scott Robbins wrote:
> > On Wed, Nov 18, 2009 at 12:30:37AM -0500, Scott Robbins wrote:
> > 
> > As suspect, there's already posts on the forums about this.  (Smugly
> > mutters, "told ya so".  :)
> > 
> > Seriously, someone pointed out that some docmentation, the docs for
> > burning CD's seem to indicate that one should use sha1.   
> > 
> > 
> >
> > 
> > That should probably get fixed--I'm not sure if I have write access, and
> > I don't have a Windows machine to test the instructions, so someone?
> Refer to
> Note that changing HASH: SHA1 to anything else in the top of the file
> will make the gpg check fail since it writes it out that way. So it's
> sort of a tricky issue to solve. Not sloppiness.

To be clear, I think the documentation page that Scott linked talks
about SHA-1 not because someone misread the checksum file but simply
because it's _old_. It was written at a time when the checksums actually
where SHA-1. Note the reference to Fedora 7.

I think the above page needs to be updated to refer to SHA-256
checksums. Also, both it and might
benefit from explicitly mentioning the potential confusion between the
signature algorithm and the checksum algorithm, until F13 is current.

Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org

More information about the fedora-test-list mailing list