SHA1 and 256 (again) :)

Adam Williamson awilliam at redhat.com
Wed Nov 18 23:15:06 UTC 2009


On Thu, 2009-11-19 at 03:59 +0530, Rahul Sundaram wrote:

> > I think the above page needs to be updated to refer to SHA-256
> > checksums. Also, both it and https://fedoraproject.org/en/verify might
> > benefit from explicitly mentioning the potential confusion between the
> > signature algorithm and the checksum algorithm, until F13 is current.
> 
> As you can read from the link to fedora-websites list, updating that
> documentation requires a Windows utility we can trust on.

I disagree. The page could still be updated to say that the checksums
are SHA-256, even before a Windows utility for checking such checksums
is available. This would still be far more valuable (and accurate) than
the current situation, in which the page is essentially lying to people
by telling them the checksums are SHA-1. Don't make the perfect the
enemy of the better. :)

-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net




More information about the test mailing list