Re: Fedora 12 sha1sum
Wolfgang S. Rupprecht wrote: Woudld it be possible to do the signature using SHA256 also? On one of the iso's I recently burned did have a checksum file with a gpg SHA256 signature hash. That was enough to remind me that I should be using the SHA256 for checksumming the iso. Yes, that is generally a goal. The F-11 *-CHECKSUM files were signed using a SHA-256 hash. One unfortunate effect of moving to the Sigul signing server for F-12 is that controlling the hash used for gpg signatures is more difficult and resulted in the default SHA-1 being used. However, while using SHA-256 every where is the goal, it's still good to make people aware that the GPG Hash: header and the checksum used for the .iso are not related at all. It seems that far too many people make the mistaken assumption that they are. :/ -- ToddOpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~ The trouble with being punctual is that nobody's there to appreciate it. -- Franklin P. Jones pgpQY0270a6nf.pgp Description: PGP signature -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Fedora 12 sha1sum
Hi I have downloaded twice Fedora-12-x86_64-DVD.iso, under some abnormal network conditions. I also download Fedora-12-x86_64-CHECKSUM file where the sha1sum for the DVD iso file is c899659b8a7ceb8f005fc1a300b4e21c984a48fd7b8d8a332ed24bf8c3c479e8 *Fedora-12- x86_64-DVD.iso when I verify the sha1sum for the twice download files I get the same value in both cases: $ sha1sum f12/Fedora-12-x86_64-DVD.iso 97a018ba32d43d0e76d032834fe7562bffe8ceb3 f12/Fedora-12-x86_64-DVD.iso $ sha1sum Fedora-12-x86_64-DVD.iso 97a018ba32d43d0e76d032834fe7562bffe8ceb3 Fedora-12-x86_64-DVD.iso Any explanation ? Felipe Nunez -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Fedora 12 sha1sum
--- On Sat, 11/21/09, Felipe Nunez gatopa...@codetel.net.do wrote: From: Felipe Nunez gatopa...@codetel.net.do Subject: Fedora 12 sha1sum To: fedora-list@redhat.com Date: Saturday, November 21, 2009, 1:34 PM #yiv142420809 p, #yiv142420809 li {white-space:pre-wrap;} Hi I have downloaded twice Fedora-12-x86_64-DVD.iso, under some abnormal network conditions. I also download Fedora-12-x86_64-CHECKSUM file where the sha1sum for the DVD iso file is c899659b8a7ceb8f005fc1a300b4e21c984a48fd7b8d8a332ed24bf8c3c479e8 *Fedora-12-x86_64-DVD.iso when I verify the sha1sum for the twice download files I get the same value in both cases: $ sha1sum f12/Fedora-12-x86_64-DVD.iso 97a018ba32d43d0e76d032834fe7562bffe8ceb3 f12/Fedora-12-x86_64-DVD.iso $ sha1sum Fedora-12-x86_64-DVD.iso 97a018ba32d43d0e76d032834fe7562bffe8ceb3 Fedora-12-x86_64-DVD.iso Any explanation ? Felipe Nunez -Inline Attachment Follows- Felipe, There was a change to sha256sum , please run $ sha256sum Fed* and see if they match or not? Hope this helps. Regards, Antonio -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Fedora 12 sha1sum
Antonio Olivares wrote: --- On Sat, 11/21/09, Felipe Nunez gatopa...@codetel.net.do wrote: [...] when I verify the sha1sum for the twice download files I get the same value in both cases: $ sha1sum f12/Fedora-12-x86_64-DVD.iso 97a018ba32d43d0e76d032834fe7562bffe8ceb3 f12/Fedora-12-x86_64-DVD.iso $ sha1sum Fedora-12-x86_64-DVD.iso 97a018ba32d43d0e76d032834fe7562bffe8ceb3 Fedora-12-x86_64-DVD.iso [...] There was a change to sha256sum , please run $ sha256sum Fed* and see if they match or not? We got so many questions on this that we added a large red note to the top of https://fedoraproject.org/verify telling folks that the 'Hash: SHA1' line is part of the PGP signature and has nothing to do with the type of checksum used for verifying the .iso. For future releases, the *-CHECKSUM files will include some instructions and, likely, a link to https://fedoraproject.org/verify to (hopefully) make this clearer. -- ToddOpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~ Whenever you find yourself on the side of the majority, it is time to pause and reflect. -- Mark Twain pgpcAmYIPmfCo.pgp Description: PGP signature -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Fedora 12 sha1sum
Todd Zullinger wrote: Antonio Olivares wrote: --- On Sat, 11/21/09, Felipe Nunez gatopa...@codetel.net.do wrote: [...] when I verify the sha1sum for the twice download files I get the same value in both cases: $ sha1sum f12/Fedora-12-x86_64-DVD.iso 97a018ba32d43d0e76d032834fe7562bffe8ceb3 f12/Fedora-12-x86_64-DVD.iso $ sha1sum Fedora-12-x86_64-DVD.iso 97a018ba32d43d0e76d032834fe7562bffe8ceb3 Fedora-12-x86_64-DVD.iso [...] There was a change to sha256sum , please run $ sha256sum Fed* and see if they match or not? We got so many questions on this that we added a large red note to the top of https://fedoraproject.org/verify telling folks that the 'Hash: SHA1' line is part of the PGP signature and has nothing to do with the type of checksum used for verifying the .iso. For future releases, the *-CHECKSUM files will include some instructions and, likely, a link to https://fedoraproject.org/verify to (hopefully) make this clearer. Which will be great for those of us that just download stuff and check the checksums without reading any instructions! I was a little concerned about the checksum not matching on the i386 disc1 iso (I rsync all the rest and install of my own repo servers), and decided to check the list before crying for help! For a change I actually found a thread with the answer (normally I just don't use the right search info). -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
Re: Fedora 12 sha1sum
Todd Zullinger t...@pobox.com writes: We got so many questions on this that we added a large red note to the top of https://fedoraproject.org/verify telling folks that the 'Hash: SHA1' line is part of the PGP signature and has nothing to do with the type of checksum used for verifying the .iso. Woudld it be possible to do the signature using SHA256 also? On one of the iso's I recently burned did have a checksum file with a gpg SHA256 signature hash. That was enough to remind me that I should be using the SHA256 for checksumming the iso. -wolfgang -- Wolfgang S. Rupprecht If the airwaves belong to the public why does the public only get 3 non-overlapping WIFI channels? -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines