On Tue, Jun 16, 2009 at 5:17 PM, Todd Zullinger <[email protected]> wrote:
> Aldo Foot wrote: > > The filename "Fedora-11-i386-CHECKSUM" is arbitrary. You can call it > > anything you want as long as it has the contents of the GPG key > > provided by the distro[1], just click on the checksum link and copy > > its contents to a text file. > > > > [1] http://mirrors.kernel.org/fedora/releases/11/Fedora/i386/iso/ > > At the risk of causing more confusion, I don't think that's correct. > The contents of the GPG key are _not_ included in the *CHECKSUM files. > The contents are the sha256sum hashes of the files in release, and > they are signed with gpg so that you can first verify that the > CHECKSUM file came from the Fedora Project and then feel confident > using the file to verify the checksums of the .iso files. Is there a sha256sum for the GPG signature of the sha256sum of the files??? Sorry, couldnĀ“t resist. ;<VBG> FC
-- fedora-list mailing list [email protected] To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
