SHA1 and 256 (again) :)
Adam Williamson
awilliam at redhat.com
Wed Nov 18 23:46:34 UTC 2009
On Thu, 2009-11-19 at 04:43 +0530, Rahul Sundaram wrote:
> On 11/19/2009 04:45 AM, Adam Williamson wrote:
> > On Thu, 2009-11-19 at 03:59 +0530, Rahul Sundaram wrote:
> >
> >>> I think the above page needs to be updated to refer to SHA-256
> >>> checksums. Also, both it and https://fedoraproject.org/en/verify might
> >>> benefit from explicitly mentioning the potential confusion between the
> >>> signature algorithm and the checksum algorithm, until F13 is current.
> >>
> >> As you can read from the link to fedora-websites list, updating that
> >> documentation requires a Windows utility we can trust on.
> >
> > I disagree. The page could still be updated to say that the checksums
> > are SHA-256, even before a Windows utility for checking such checksums
> > is available. This would still be far more valuable (and accurate) than
> > the current situation, in which the page is essentially lying to people
> > by telling them the checksums are SHA-1. Don't make the perfect the
> > enemy of the better. :)
>
> I was responding to your earlier point about updating the document and
> not the latter point about updating the verify website page. There is
> nothing to disagree, really.
Um. I'm still saying the docs.fedoraproject.org page should be updated
immediately. I wasn't talking about the verify page in the bit you
quoted above. Apologies if that wasn't clear.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net
More information about the test
mailing list