On Tue, 2008-12-02 at 16:55 -0500, Máirín Duffy wrote: > But do they do this? I certainly don't. Who's to say if someone > compromised the ISO downloads that the SHA1SUM files were also not > compromised?
The SHA1SUM files are gpg signed with the same key that the rpms themselves are signed with. -- Jesse Keating Fedora -- Freedom² is a feature! identi.ca: http://identi.ca/jkeating
signature.asc
Description: This is a digitally signed message part
-- Fedora-websites-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-websites-list
