Wrong type of checksum listed in the checksum file
Todd Zullinger
tmz at pobox.com
Tue Nov 17 22:05:59 UTC 2009
aquaglow at gmail.com wrote:
> In the file Fedora-12-i686-Live-CHECKSUM (linked on
> https://fedoraproject.org/en/verify), it lists the Hash as being SHA1.
> Yet carrying out a "shasum -a 1" on the .iso gave me a checksum which
> looked too short. When I performed the checksum using SHA256 instead,
> it gave the correct value.
>
> Possibly the same mistake is in the other checksum files.
This is not a mistake. The 'Hash: SHA1' line is part of the GPG
signature. It has nothing to do with the type of checksum used in the
*-CHECKSUM files. Many people mistakenly assume that it does,
unfortunately. Perhaps we need to make that clear on the /verify page
so folks don't make the flawed assumption that these things are
related?
If you follow the documentation on https://fedoraproject.org/en/verify
all is well, as the page explicitly states that the sha256sum command
is what should be used.
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I personally think we developed language because of our deep need to
complain.
-- Lily Tomlin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-websites-list/attachments/20091117/41446ecf/attachment.sig>
More information about the Fedora-websites-list
mailing list