Wolfgang S. Rupprecht wrote: > Woudld it be possible to do the signature using SHA256 also? On one > of the iso's I recently burned did have a checksum file with a gpg > SHA256 signature hash. That was enough to remind me that I should > be using the SHA256 for checksumming the iso.
Yes, that is generally a goal. The F-11 *-CHECKSUM files were signed
using a SHA-256 hash. One unfortunate effect of moving to the Sigul
signing server for F-12 is that controlling the hash used for gpg
signatures is more difficult and resulted in the default SHA-1 being
used.
However, while using SHA-256 every where is the goal, it's still good
to make people aware that the GPG Hash: header and the checksum used
for the .iso are not related at all. It seems that far too many
people make the mistaken assumption that they are. :/
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The trouble with being punctual is that nobody's there to appreciate
it.
-- Franklin P. Jones
pgpQY0270a6nf.pgp
Description: PGP signature
-- fedora-list mailing list [email protected] To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
