New Fedora 12 checksum are listed as SHA1 but are SHA256 Hash

Ricky Zhou ricky at fedoraproject.org
Thu Nov 19 19:39:35 UTC 2009


On 2009-11-19 01:24:00 PM, V Stuart Foote wrote:
> The posted checksums to verify ISOs for at least the i386 ISOs
> suggest the Hash is SHA1, but the value is SHA256 for the
> Fedora-12-i386-DVD.iso; suspect they may all be SHA256
>   
> 	https://fedoraproject.org/en/verify
> 
> 	https://fedoraproject.org/static/checksums/Fedora-12-i386-CHECKSUM
> 
> Probably should correct the mislabeled entry(s).
This is a common misconception.  The Hash: SHA1 line is part of the
PGP signature.  It has no relation to the sha256 checksum data in the
*-CHECKSUM files.  https://fedoraproject.org/verify has details on how
to verify downloads and does point out that sha256sum is what should
be used.

We're discussing ways to make this clearer in future releases so that
folks don't mistake the PGP Hash header as the hash used for the .iso
images.

Thanks,
Ricky
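
What the reply describes, as an added Python example that is not part of the original message or of Fedora's tooling: it splits a cleartext-signed CHECKSUM file into the OpenPGP `Hash:` armor header (the digest used for the signature) and the SHA-256 entries for the images, then checks an image against its entry. The sample file and image bytes are constructed, the function names are hypothetical, and the PGP signature itself is not verified here (that remains gpg's job).

```python
import hashlib
import re

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
ENTRY = re.compile(r"^([0-9a-f]{64}) [ *](.+)$")  # sha256sum line: 64 hex digits


def parse_clearsigned_checksums(text):
    """Return (signature_hash_algos, {filename: sha256_hex})."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != BEGIN_MSG:
        raise ValueError("not an OpenPGP cleartext-signed message")
    algos, i = [], 1
    # Armor headers run until the first blank line. "Hash:" names the digest
    # the *signature* was made with, not the digest of the files listed below.
    while i < len(lines) and lines[i].strip():
        key, _, value = lines[i].partition(":")
        if key.strip() == "Hash":
            algos += [a.strip() for a in value.split(",")]
        i += 1
    entries = {}
    for line in lines[i + 1:]:
        if line.startswith(BEGIN_SIG):
            break
        if line.startswith("- "):  # undo dash-escaping (RFC 4880, section 7.1)
            line = line[2:]
        m = ENTRY.match(line)
        if m:
            entries[m.group(2)] = m.group(1)
    return algos, entries


def verify_image(data, name, entries):
    """True if the SHA-256 of data matches the CHECKSUM entry for name."""
    return name in entries and hashlib.sha256(data).hexdigest() == entries[name]


# Constructed sample: stand-in image bytes and a CHECKSUM file built around them.
SAMPLE_ISO = b"constructed stand-in for an ISO image\n"
SAMPLE_CHECKSUM = "\n".join([
    BEGIN_MSG, "Hash: SHA1", "",
    hashlib.sha256(SAMPLE_ISO).hexdigest() + " *sample-image.iso",
    BEGIN_SIG, "(constructed placeholder, not a signature)",
    "-----END PGP SIGNATURE-----"])

if __name__ == "__main__":
    algos, entries = parse_clearsigned_checksums(SAMPLE_CHECKSUM)
    print(algos, verify_image(SAMPLE_ISO, "sample-image.iso", entries))
```

A SHA-1 digest would be 40 hex digits, so the 64-digit entries can be told apart from the `Hash: SHA1` header by length alone.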