On Tue, 2009-03-31 at 15:19 -0700, Jesse Keating wrote:
On Tue, 2009-03-31 at 18:01 -0400, Robert P. J. Day wrote:
> they don't look like normal 160-bit SHA1 values.
The file headers are misleading. The gpg signature used is a sha1 size,
but the checksum of the files themselves are actually sha256. Next time
we gpg sign checksum files we'll be sure to use a sha256 gpg signature.
The hash sizes are correct for SHA256, but the values I compute for the
source ISO images using sha256sum under RHEL5 are all different from
those in Fedora-11-Beta-source-CHECKSUM. How did that happen??
--Doc Savage
Fairview Heights, IL