Hi Robert,
Robert McIntyre wrote:
I am using HasCalc and I believe that your web page:
https://fedoraproject.org/static/checksums/Fedora-12-i386-CHECKSUM
Provides invalid information. The hash below is a SHA256 Vice a SHA1
as stated in the quote below from your
https://fedoraproject.org/static/checksums/Fedora-12-i386-CHECKSUM
web page Pleas advise if I am correct.
The Hash: SHA1 line in the checksum file is part of the PGP signature.
It has no relation to the data that is signed (which is indeed a
SHA-256 checksum of the Fedora ISO images).
This is a very common misconception. The main verification page at
https://fedoraproject.org/verify even contains a very bold note at the
top:
"Please note that the Hash: SHA1 line in the CHECKSUM file is part
of the PGP signature. It does not specify the type of hash used to
verify the .iso files."
For future releases, the plan is to add further instructions directly
to the checksum files to try and minimize such confusion.
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL:
www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Don't take life seriously, you'll never get out alive.