SHA1 and 256 (again) :)

Rahul Sundaram sundaram at fedoraproject.org
Wed Nov 18 23:13:15 UTC 2009


On 11/19/2009 04:45 AM, Adam Williamson wrote:
> On Thu, 2009-11-19 at 03:59 +0530, Rahul Sundaram wrote:
> 
>>> I think the above page needs to be updated to refer to SHA-256
>>> checksums. Also, both it and https://fedoraproject.org/en/verify might
>>> benefit from explicitly mentioning the potential confusion between the
>>> signature algorithm and the checksum algorithm, until F13 is current.
>>
>> As you can read from the link to fedora-websites list, updating that
>> documentation requires a Windows utility we can trust.
> 
> I disagree. The page could still be updated to say that the checksums
> are SHA-256, even before a Windows utility for checking such checksums
> is available. This would still be far more valuable (and accurate) than
> the current situation, in which the page is essentially lying to people
> by telling them the checksums are SHA-1. Don't make the perfect the
> enemy of the better. :)

I was responding to your earlier point about updating the document and
not the latter point about updating the verify website page. There is
nothing to disagree with, really.

Rahul




More information about the fedora-test-list mailing list