Re: Fedora 12 sha1sum

2009-11-22 Thread Todd Zullinger 
Wolfgang S. Rupprecht wrote:
 Woudld it be possible to do the signature using SHA256 also?  On one
 of the iso's I recently burned did have a checksum file with a gpg
 SHA256 signature hash.  That was enough to remind me that I should
 be using the SHA256 for checksumming the iso.

Yes, that is generally a goal.  The F-11 *-CHECKSUM files were signed
using a SHA-256 hash.  One unfortunate effect of moving to the Sigul
signing server for F-12 is that controlling the hash used for gpg
signatures is more difficult and resulted in the default SHA-1 being
used.

However, while using SHA-256 every where is the goal, it's still good
to make people aware that the GPG Hash: header and the checksum used
for the .iso are not related at all.  It seems that far too many
people make the mistaken assumption that they are. :/

-- 
ToddOpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~
The trouble with being punctual is that nobody's there to appreciate
it.
-- Franklin P. Jones



pgpQY0270a6nf.pgp
Description: PGP signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Fedora 12 sha1sum

2009-11-21 Thread Felipe Nunez 
Hi
   I  have downloaded twice Fedora-12-x86_64-DVD.iso, under some abnormal 
network conditions. I also download  Fedora-12-x86_64-CHECKSUM  file
where the sha1sum for the DVD iso file is
c899659b8a7ceb8f005fc1a300b4e21c984a48fd7b8d8a332ed24bf8c3c479e8 *Fedora-12-
x86_64-DVD.iso

when I verify the sha1sum  for the twice download files I get the same value in 
both cases:
$ sha1sum f12/Fedora-12-x86_64-DVD.iso 
97a018ba32d43d0e76d032834fe7562bffe8ceb3  f12/Fedora-12-x86_64-DVD.iso
$ sha1sum Fedora-12-x86_64-DVD.iso 
97a018ba32d43d0e76d032834fe7562bffe8ceb3  Fedora-12-x86_64-DVD.iso

 Any explanation ?


Felipe Nunez
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Fedora 12 sha1sum

2009-11-21 Thread Antonio Olivares 


--- On Sat, 11/21/09, Felipe Nunez gatopa...@codetel.net.do wrote:

 From: Felipe Nunez gatopa...@codetel.net.do
 Subject: Fedora 12 sha1sum
 To: fedora-list@redhat.com
 Date: Saturday, November 21, 2009, 1:34 PM
 
 
 #yiv142420809 p, #yiv142420809 li {white-space:pre-wrap;}
  
 Hi
 
   I  have downloaded twice Fedora-12-x86_64-DVD.iso, under
 some abnormal network conditions. I also download 
 Fedora-12-x86_64-CHECKSUM  file
 where
 the sha1sum for the DVD iso file is
 c899659b8a7ceb8f005fc1a300b4e21c984a48fd7b8d8a332ed24bf8c3c479e8
 *Fedora-12-x86_64-DVD.iso
 
 when I verify the sha1sum
  for the twice download files I get the same value in both
 cases:
 $
 sha1sum f12/Fedora-12-x86_64-DVD.iso 
 97a018ba32d43d0e76d032834fe7562bffe8ceb3
  f12/Fedora-12-x86_64-DVD.iso
 $
 sha1sum Fedora-12-x86_64-DVD.iso 
 97a018ba32d43d0e76d032834fe7562bffe8ceb3
  Fedora-12-x86_64-DVD.iso
 
 
 Any explanation ?
 
 
 Felipe
 Nunez
 -Inline Attachment Follows-


Felipe,

There was a change to sha256sum , please run 
$ sha256sum Fed*
and see if they match or not?

Hope this helps.

Regards,

Antonio 


  

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Fedora 12 sha1sum

2009-11-21 Thread Todd Zullinger 
Antonio Olivares wrote:
 --- On Sat, 11/21/09, Felipe Nunez gatopa...@codetel.net.do wrote:
[...]
 when I verify the sha1sum
  for the twice download files I get the same value in both
 cases:
 $
 sha1sum f12/Fedora-12-x86_64-DVD.iso
 97a018ba32d43d0e76d032834fe7562bffe8ceb3
  f12/Fedora-12-x86_64-DVD.iso
 $
 sha1sum Fedora-12-x86_64-DVD.iso
 97a018ba32d43d0e76d032834fe7562bffe8ceb3
  Fedora-12-x86_64-DVD.iso
[...]
 There was a change to sha256sum , please run
 $ sha256sum Fed*
 and see if they match or not?

We got so many questions on this that we added a large red note to the
top of https://fedoraproject.org/verify telling folks that the 'Hash:
SHA1' line is part of the PGP signature and has nothing to do with the
type of checksum used for verifying the .iso.

For future releases, the *-CHECKSUM files will include some
instructions and, likely, a link to https://fedoraproject.org/verify
to (hopefully) make this clearer.

-- 
ToddOpenPGP - KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~
Whenever you find yourself on the side of the majority, it is time to
pause and reflect.
-- Mark Twain



pgpcAmYIPmfCo.pgp
Description: PGP signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Fedora 12 sha1sum

2009-11-21 Thread Robert Moskowitz 

Todd Zullinger wrote:

Antonio Olivares wrote:
  

--- On Sat, 11/21/09, Felipe Nunez gatopa...@codetel.net.do wrote:


[...]
  

when I verify the sha1sum
 for the twice download files I get the same value in both
cases:
$
sha1sum f12/Fedora-12-x86_64-DVD.iso
97a018ba32d43d0e76d032834fe7562bffe8ceb3
 f12/Fedora-12-x86_64-DVD.iso
$
sha1sum Fedora-12-x86_64-DVD.iso
97a018ba32d43d0e76d032834fe7562bffe8ceb3
 Fedora-12-x86_64-DVD.iso
  

[...]
  

There was a change to sha256sum , please run
$ sha256sum Fed*
and see if they match or not?



We got so many questions on this that we added a large red note to the
top of https://fedoraproject.org/verify telling folks that the 'Hash:
SHA1' line is part of the PGP signature and has nothing to do with the
type of checksum used for verifying the .iso.

For future releases, the *-CHECKSUM files will include some
instructions and, likely, a link to https://fedoraproject.org/verify
to (hopefully) make this clearer.
  


Which will be great for those of us that just download stuff and check 
the checksums without reading any instructions!


I was a little concerned about the checksum not matching on the i386 
disc1 iso (I rsync all the rest and install of my own repo servers), and 
decided to check the list before crying for help!  For a change I 
actually found a thread with the answer (normally I just don't use the 
right search info).



--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Fedora 12 sha1sum

2009-11-21 Thread Wolfgang S. Rupprecht 

Todd Zullinger t...@pobox.com writes:
 We got so many questions on this that we added a large red note to the
 top of https://fedoraproject.org/verify telling folks that the 'Hash:
 SHA1' line is part of the PGP signature and has nothing to do with the
 type of checksum used for verifying the .iso.

Woudld it be possible to do the signature using SHA256 also?  On one of
the iso's I recently burned did have a checksum file with a gpg SHA256
signature hash.  That was enough to remind me that I should be using the
SHA256 for checksumming the iso.

-wolfgang
-- 
Wolfgang S. Rupprecht
If the airwaves belong to the public why does the public only get 3
non-overlapping WIFI channels?

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines