Hi Andrew,
Andrew W. Hagen wrote:
Hello, I was just downloading Fedora off your site. I tried to
verify the download. The downloads did not verify. For example,
Fedora-12-i386-DVD.iso
as downloaded has a SHA-1 checksum of
0dc8ed436f0b44874454a379e8de5ad057c0115d
but under the verify section,
https://fedoraproject.org/static/checksums/Fedora-12-i386-CHECKSUM
you say that its "SHA-1" checksum is
f0ad929cd259957e160ea442eb80986b5f01daaffdbcc7e5a1840a666c4447c7
As you can see, the two checksums don't even have the same length.
The checksum you posted does match the SHA-256 checksum of the file,
however.
If you post SHA-256 checksums, and not SHA-1 checksums please note
that. It will save people time. Thank you.
There is a large note on
https://fedoraproject.org/verify about this:
Please note that the Hash: SHA1 line in the CHECKSUM file is part
of the PGP signature. It does not specify the type of hash used to
verify the .iso files.
Many people are confused by this and we plan to include text in the
CHECKSUM files themselves for future releases to make it clearer.
Thanks,
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL:
www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A budget is just a method of worrying before you spend money, as well
as afterward.