> On Wed, 18 Nov 2009, Cameron Cross wrote:
>
>> I downloaded the torrent for Fedora 12 live CD and the sha sum
>> thing is labeled as sha1 when it is actually sha256. That could
>> confuse people.
>>
>> e.g.
>>
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> 5ad27455df004ee23fbc5a05dfa039a14e59956dccf4e767d493601e0bfa4001  
>> Fedora-12-i686-Live.iso
>> -----BEGIN PGP SIGNATURE-----
>>
>>
>> sha256sum ./Fedora-12-i686-Live.iso
>> 5ad27455df004ee23fbc5a05dfa039a14e59956dccf4e767d493601e0bfa4001 
>> /home/cameron/Download/Fedora-12-i686-Live/Fedora-12-i686-Live.iso
>>
>> sha1sum ./Fedora-12-i686-Live.iso
>> daf4b3ea2322dfee9a473099557ac9ed7c6d3159  
>> /home/cameron/Download/Fedora-12-i686-Live/Fedora-12-i686-Live.iso

This is a common misconception.  The Hash: SHA1 line is part of the
PGP signature.  It has no relation to the sha256 checksum data in the
*-CHECKSUM files.  https://fedoraproject.org/verify has details on how
to verify downloads and does point out that sha256sum is what should
be used.

We're discussing ways to make this clearer in future releases so that
folks don't mistake the PGP Hash header as the hash used for the .iso
images.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
It is easier to destroy an atomic nucleus than a prejudice.
     -- Albert Einstein (1879-1955)
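
The distinction drawn in the reply above, as an added example that is not part of the original message or of Fedora's tooling: the armor `Hash:` header names the digest used by the PGP signature, while the checksum algorithm for the image is inferred from the digest line in the signed body. The function names, the `SAMPLE-CHECKSUM` file and its placeholder signature block are constructed for illustration, and the `digest  filename` line format is assumed from the file quoted in the message.

```bash
# Added example. This does NOT check the PGP signature itself;
# run `gpg --verify` on the checksum file for that before trusting its digests.

# Digest algorithm the PGP signature was computed with (armor header).
armor_hash_header() {
  awk '/^-----BEGIN PGP SIGNED MESSAGE-----/ {hdr=1; next}
       hdr && /^Hash:/ {print $2; exit}
       hdr && /^[[:space:]]*$/ {exit}' "$1"
}

# Digest recorded for file name $2 in the signed body of checksum file $1.
listed_digest() {
  awk -v name="$2" '
    /^-----BEGIN PGP SIGNED MESSAGE-----/ {signed=1; next}
    /^-----BEGIN PGP SIGNATURE-----/ {exit}
    body && ($NF == name || $NF == ("*" name)) {print $1; exit}
    signed && /^[[:space:]]*$/ {body=1}' "$1"
}

# Checksum algorithm implied by the digest length in hex characters.
algo_for_digest() {
  case "${#1}" in
    40) echo sha1 ;; 64) echo sha256 ;; 128) echo sha512 ;;
    *) return 1 ;;
  esac
}

# Compare file $2 against its entry in checksum file $1.
verify_download() {
  local want algo got
  want=$(listed_digest "$1" "$(basename "$2")")
  [ -n "$want" ] || { echo "no entry for $2" >&2; return 2; }
  algo=$(algo_for_digest "$want") || { echo "unknown digest length" >&2; return 2; }
  got=$("${algo}sum" "$2" | awk '{print $1}')
  [ "$got" = "$want" ]
}

# Constructed sample: a stand-in image and a checksum file shaped like the quoted one.
make_sample() {
  printf 'constructed image bytes\n' > "$1/Fedora-12-i686-Live.iso"
  {
    printf '%s\n' '-----BEGIN PGP SIGNED MESSAGE-----' 'Hash: SHA1' ''
    (cd "$1" && sha256sum Fedora-12-i686-Live.iso)
    printf '%s\n' '-----BEGIN PGP SIGNATURE-----' '' 'PLACEHOLDER' '-----END PGP SIGNATURE-----'
  } > "$1/SAMPLE-CHECKSUM"
}

tmp=$(mktemp -d) && make_sample "$tmp"
echo "signature digest: $(armor_hash_header "$tmp/SAMPLE-CHECKSUM")"
verify_download "$tmp/SAMPLE-CHECKSUM" "$tmp/Fedora-12-i686-Live.iso" && echo "file checksum OK"
```
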

-- 
Fedora-websites-list mailing list
Fedora-websites-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-websites-list