On Tue, 2008-12-02 at 16:55 -0500, Máirín Duffy wrote:
But do they do this? I certainly don't. Who's to say if
someone
compromised the ISO downloads that the SHA1SUM files were also not
compromised?
The SHA1SUM files are gpg signed with the same key that the rpms
themselves are signed with.
--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca:
http://identi.ca/jkeating