gpg checking downloads
Todd Zullinger
tmz at pobox.com
Sat Apr 4 02:16:16 UTC 2009
Tom Horsley wrote:
> The torrents for the Fedora downloads include gpg signed
> checksum files (SHA1SUM for old releases, *-CHECKSUM for
> fedora 11 beta and wot-not).
>
> It would sure be handy to have instructions directly
> on the download pages that tell you how to actually
> verify the signature and check the checksums :-).
Well, the main get-fedora page does have a link to the verification
instructions¹ in the Resources block that is just to the right of the
download links.
The get-prerelease page doesn't have all of that detail, but I think
the general assumption is that the sort of folks who are comfortable
running the pre-releases are able to find their way to the
verification page (and to figure out the minor differences in
filenames and such between the F10 and F11 Beta release)
> Is this a good place to complain about that, or is
> another list or bugzilla component better?
See http://fedoraproject.org/wiki/Websites#Bugs
¹ https://fedoraproject.org/verify
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Honesty is the best policy, but insanity is a better defense.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20090403/2c2946cf/attachment-0001.bin
More information about the users
mailing list