SHA1 and 256 (again) :)

Rahul Sundaram sundaram at
Wed Nov 18 23:13:15 UTC 2009

On 11/19/2009 04:45 AM, Adam Williamson wrote:
> On Thu, 2009-11-19 at 03:59 +0530, Rahul Sundaram wrote:
>>> I think the above page needs to be updated to refer to SHA-256
>>> checksums. Also, both it and might
>>> benefit from explicitly mentioning the potential confusion between the
>>> signature algorithm and the checksum algorithm, until F13 is current.
>> As you can read from the link to fedora-websites list, updating that
>> documentation requires a Windows utility we can trust on.
> I disagree. The page could still be updated to say that the checksums
> are SHA-256, even before a Windows utility for checking such checksums
> is available. This would still be far more valuable (and accurate) than
> the current situation, in which the page is essentially lying to people
> by telling them the checksums are SHA-1. Don't make the perfect the
> enemy of the better. :)

I was responding to your earlier point about updating the document and
not the latter point about updating the verify website page. There is
nothing to disagree, really.


More information about the fedora-test-list mailing list