<br><br><div class="gmail_quote">On Tue, Jun 9, 2009 at 8:51 PM, Todd Zullinger <span dir="ltr"><<a href="mailto:tmz@pobox.com">tmz@pobox.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im">Fernando Cassia wrote:<br>
> See here<br>
> <a href="http://blog.nfllab.com/archives/152-Win32-native-md5sum,-sha1sum,-sha256sum-etc..html" target="_blank">http://blog.nfllab.com/archives/152-Win32-native-md5sum,-sha1sum,-sha256sum-etc..html</a><br>
><br>
> Google is your friend. :)<br>
<br>
</div>I wouldn't say that downloading an executable from some blog is the<br>
best thing to recommend. </blockquote><div><br>I was answering to the user on this list. I wasn´t suggesting that Red Hat or Fedora.org points to that blog.<br> </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Especially not if the goal is to check the<br>
integrity of the Fedora .iso images.<br>
<br>
I'm not sure what to recommend for Windows users honestly. With the<br>
recent work that has gone into Fedora to allow cross-compiling windows<br>
binaries, it might be possible to build an sha256sum.exe that could be<br>
hosted on <a href="http://fedoraproject.org" target="_blank">fedoraproject.org</a>. </blockquote><div><br>Surely. I just compiled a win32 version ofa a GPL linux utility with Cygwin minutes ago.<br> </div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
That might be a little more trustworthy<br>
for us to suggest Windows users use to verify the .iso file we<br>
distribute.<br>
<div class="im"><br>
> PS: Adding a "checksum-verification.txt´text file explaining that<br>
> users need to use sha256sum, and where to obtain it, would be cool.<br>
<br>
</div>What about <a href="https://fedoraproject.org/verify" target="_blank">https://fedoraproject.org/verify</a> ?</blockquote><div><br>That would be nice. But also, a text file on the file repositories explaining the files verification process would be nice. <br>
<br>Call me old-fashioned, but I´m used to the time when every FTP site had a "00_index.txt" file contained a "ls -lR" of the whole file tree and also a README file on each folder explaining what was in there.<br>
<br>Likewise, including a tiny text file alongside the iso images would help answer the obvious question to someone whom has just downloaded the file(s) "Great, now how do I verify these images are OK?".<br><br>
FC<br><br></div></div><br>