The torrents for the Fedora downloads include gpg signed checksum files (SHA1SUM for old releases, *-CHECKSUM for fedora 11 beta and wot-not).
It would sure be handy to have instructions directly on the download pages that tell you how to actually verify the signature and check the checksums :-). Is this a good place to complain about that, or is another list or bugzilla component better? (copied this from my fedora-list posting, might want to check the thread for additional replies) https://www.redhat.com/archives/fedora-list/2009-April/msg00403.html -- Fedora-websites-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-websites-list
