Rick Stevens wrote: > This has been discussed before on the list. > > The header indicates that the checksum file _itself_ was signed with > an SHA1 checksum. The checksums _inside_ the checksum file are the > SHA256 checksums of the various .iso images.
And this is why we added the large red warning about this to the web page on verification: https://fedoraproject.org/verify :) -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Finagle's Second Law: No matter what the anticipated result, there will always be someone eager to (a) misinterpret it, (b) fake it, or (c) believe it happened according to his own pet theory. -- Anonymous
pgpwxKvmv45pp.pgp
Description: PGP signature
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
