SHA1 and 256 (again) :)

[Scott Robbins]

On Wed, Nov 18, 2009 at 10:23:55PM -0500, Todd Zullinger wrote:
> Adam Williamson wrote:
> 


> Unfortunately, this didn't happen in time for Fedora 12.  But seeing
> that it's been broken since Fedora 11, another week or two shouldn't
> kill us. :)

It won't kill us, but sheesh, you should see some of the comments on the
forums.  :)  It really only becomes an issue during a new release.  

As I said in my original post, it's a relatively minor issue--the
majority of folks who don't know how to use google will post a complaint
in the forums and get their answer--sometimes sympathetic, sometimes
rude, but they'll get their answer. 


>     NOTE: Please don't confuse the 'Hash:' line in the *CHECKSUM file,
>     (which is part of the PGP signature) with the type of hash
>     algorithm used to verify the .iso files
> 
> might only server to add confusion to those who weren't already
> confused.  I think many of the users who were confused downloaded via
> the torrents and likely never saw the fp.o/verify page at all anyway.

I agree with that.  A very simple comment, such as your suggestion,
should be ample, and cause less confusion than a detailed explanation. 
(I'm leaving in your suggestion for those who missed it the first time.)
:)

> 
> I think something along the lines of:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> To verify the file(s) listed below, run:
> 
>     sha256sum -c Fedora-12-i686-Live-CHECKSUM'
> 
> See https://fedoraproject.org/verify for more details.

-- 
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Spike: So when do we destroy the world, already?