Fedora 12 live cd sha sum
Todd Zullinger
tmz at pobox.com
Wed Nov 18 02:40:04 UTC 2009
> On Wed, 18 Nov 2009, Cameron Cross wrote:
>
>> i downloaded the torrent for fedora 12 live cd and the sha sum
>> thing is labeled as sha1 when it is actually sha256. That could
>> confuse people
>>
>> eg.
>>
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> 5ad27455df004ee23fbc5a05dfa039a14e59956dccf4e767d493601e0bfa4001 Fedora-12-i686-Live.iso
>> -----BEGIN PGP SIGNATURE-----
>>
>>
>> sha256sum ./Fedora-12-i686-Live.iso
>> 5ad27455df004ee23fbc5a05dfa039a14e59956dccf4e767d493601e0bfa4001
>> /home/cameron/Download/Fedora-12-i686-Live/Fedora-12-i686-Live.iso
>>
>> sha1sum ./Fedora-12-i686-Live.iso
>> daf4b3ea2322dfee9a473099557ac9ed7c6d3159 /home/cameron/Download/Fedora-12-i686-Live/Fedora-12-i686-Live.iso
This is a common misconception. The Hash: SHA1 line is part of the
PGP signature. It has no relation to the sha256 checksum data in the
*-CHECKSUM files. https://fedoraproject.org/verify has details on how
to verify downloads and does point out that sha256sum is what should
be used.
We're discussing ways to make this clearer in future releases so that
folks don't mistake the PGP Hash header as the hash used for the .iso
images.
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It is easier to destroy an atomic nucleus than a prejudice.
-- Albert Einstein (1879-1955)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-websites-list/attachments/20091117/4971ef9f/attachment.sig>
More information about the Fedora-websites-list
mailing list