gpg checking downloads
Todd Zullinger
tmz at pobox.com
Sat Apr 4 03:08:53 UTC 2009
Tom Horsley wrote:
> The torrents for the Fedora downloads include gpg signed
> checksum files (SHA1SUM for old releases, *-CHECKSUM for
> fedora 11 beta and wot-not).
>
> It would sure be handy to have instructions directly
> on the download pages that tell you how to actually
> verify the signature and check the checksums :-).
It'd be easy enough to add a small box, as on the get-fedora-all page,
that says "After downloading an ISO, verify it" with a link to the
verify page.
The one issue that would remain is that the filenames have changed
since the previous releases and I'm not sure that it's best to change
the verify text to reflect that just yet. If we did, it would be
confusing to folks looking to verify their download of the stable F10
release. If we wait until F11 is the stable release, I think it may
be acceptable to let folks downloading an older release figure out
that the filenames need changing, I think. (This is more or less what
I tried to say the other day¹.)
¹ https://www.redhat.com/archives/fedora-websites-list/2009-April/msg00001.html
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sometimes the majority only means that all the fools are on the same
side.
-- Michael W. Smith
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-websites-list/attachments/20090403/d30005f9/attachment.sig>
More information about the Fedora-websites-list
mailing list