On Thu, 2009-11-19 at 04:43 +0530, Rahul Sundaram wrote:
On 11/19/2009 04:45 AM, Adam Williamson wrote:
On Thu, 2009-11-19 at 03:59 +0530, Rahul Sundaram wrote:
I think the above page needs to be updated to refer to SHA-256 checksums. Also, both it and https://fedoraproject.org/en/verify might benefit from explicitly mentioning the potential confusion between the signature algorithm and the checksum algorithm, until F13 is current.
As you can read from the link to fedora-websites list, updating that documentation requires a Windows utility we can trust on.
I disagree. The page could still be updated to say that the checksums are SHA-256, even before a Windows utility for checking such checksums is available. This would still be far more valuable (and accurate) than the current situation, in which the page is essentially lying to people by telling them the checksums are SHA-1. Don't make the perfect the enemy of the better. :)
I was responding to your earlier point about updating the document and not the latter point about updating the verify website page. There is nothing to disagree, really.
Um. I'm still saying the docs.fedoraproject.org page should be updated immediately. I wasn't talking about the verify page in the bit you quoted above. Apologies if that wasn't clear.