FWD: [Fedora-freemedia-list] SHA1 vs SHA256...
Allen Kistler
an037-ooai8 at yahoo.com
Wed Nov 18 09:42:13 UTC 2009
Rahul Sundaram wrote:
> On 11/18/2009 01:10 PM, susmit shannigrahi wrote:
>> Can you please help with this?
>> Thanks.
>>
>> ---------- Forwarded message ----------
>> From: Jeff Shepherd
>> Date: Wed, Nov 18, 2009 at 1:07 PM
>> Subject: [Fedora-freemedia-list] SHA1 vs SHA256...
>> To: fedora-freemedia-list at redhat.com
>>
>>
>> Is it just me, or are the checksums to verify the Fedora 12 discs
>> incorrectly listed here on these pages:
>>
>> https://fedoraproject.org/static/checksums/Fedora-12-i386-CHECKSUM
>> https://fedoraproject.org/static/checksums/Fedora-12-x86_64-CHECKSUM
>
> Refer to
>
> https://www.redhat.com/archives/fedora-test-list/2009-November/msg00820.html
I think that thread is talking about some other page than the one that
confused Jeff. In particular, this thread refers to changing some
string value on a page from "SHA1" to "SHA256."
1. If you alter a GPG-signed message, you've just screwed the signature,
since most of the value of the signature comes from being able to verify
that no one has changed the message.
2. Maybe it hasn't replicated, but I still see "SHA1" when I look at the
pages Jeff referenced. And BTW that's a good thing.
Or am I the one confused? I'm looking at only those pages Jeff lists above.
More information about the infrastructure
mailing list