SHA1 and 256 (again) :)

Adam Williamson awilliam at
Wed Nov 18 23:46:34 UTC 2009

On Thu, 2009-11-19 at 04:43 +0530, Rahul Sundaram wrote:
> On 11/19/2009 04:45 AM, Adam Williamson wrote:
> > On Thu, 2009-11-19 at 03:59 +0530, Rahul Sundaram wrote:
> > 
> >>> I think the above page needs to be updated to refer to SHA-256
> >>> checksums. Also, both it and might
> >>> benefit from explicitly mentioning the potential confusion between the
> >>> signature algorithm and the checksum algorithm, until F13 is current.
> >>
> >> As you can read from the link to fedora-websites list, updating that
> >> documentation requires a Windows utility we can trust on.
> > 
> > I disagree. The page could still be updated to say that the checksums
> > are SHA-256, even before a Windows utility for checking such checksums
> > is available. This would still be far more valuable (and accurate) than
> > the current situation, in which the page is essentially lying to people
> > by telling them the checksums are SHA-1. Don't make the perfect the
> > enemy of the better. :)
> I was responding to your earlier point about updating the document and
> not the latter point about updating the verify website page. There is
> nothing to disagree, really.

Um. I'm still saying the page should be updated
immediately. I wasn't talking about the verify page in the bit you
quoted above. Apologies if that wasn't clear.

Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org

More information about the fedora-test-list mailing list