Re: Download verification broken
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 05/01/2016 09:48 AM, Corey Sheldon wrote: > On 04/27/2016 09:10 PM, Dan Haskell wrote: >> Downloaded iso of the server edition. Tried to verify following >> instructions and failed. First your key is not certified. > >>> gpg --verify-files Fedora-Server-23-x86_64-CHECKSUM >> gpg: Signature made Fri 30 Oct 2015 01:31:05 PM PDT using RSA >> key ID 34EC9CBA gpg: Good signature from "Fedora (23) >> " [unknown] gpg: WARNING: >> This key is not certified with a trusted signature! gpg: >> There is no indication that the signature belongs to the owner. >> Primary key fingerprint: EF45 5106 80FB 0232 6B04 5AFB 3247 4CF8 >> 34EC 9CBA > >> Second, it appears to be the wrong key(?) > >>> ls >> Fedora-Server-23-x86_64-CHECKSUM >> Fedora-Server-DVD-x86_64-23.iso > >>> sha256sum -c Fedora-Server-23-x86_64-CHECKSUM >> Fedora-Server-DVD-x86_64-23.iso: OK sha256sum: >> Fedora-Server-netinst-x86_64-23.iso: No such file or directory >> Fedora-Server-netinst-x86_64-23.iso: FAILED open or read >> sha256sum: WARNING: 20 lines are improperly formatted sha256sum: >> WARNING: 1 listed file could not be read > > >> Couldn't you just provide a md5sum instead? The gpg stuff is >> cool and all, but when it fails... give us something to work >> with. Clicked on support, but it's just a link to a BUNCH of >> forums. Not helpful. > >> Dan > > >> -- websites mailing list websites@lists.fedoraproject.org >> http://lists.fedoraproject.org/admin/lists/websites@lists.fedoraproje c > >> t.org > Dan, > > First > > thanks for your concern and actually checking the files. > > > 1) The not signed by a trusted signature is on your end , see > the [unknown] at the end of this line: > > gpg: Good signature from "Fedora (23) >> " [unknown] > > That indicates the signature is valid however is NOT in your > local key-store as a trusted key (aka Set Owner Trust is set to > unknown / I do not know ) > > > As a add-on to Robert's reply: > > 2) the part of using a md5 from a security stance is a no-go, > reason being multi-fold * md5 is known easy to spoof -- kinda > defeats the purpose of using it doesn't it. * sha256 is > irreversible crypto that takes Owner / time-stamp and source file > and verifies all three with the generation and check. * if you > wish to have a md5 for local use running (sha256sum to confirm > ISOs are in fact genuine) > > "sha256sum {base_dir}/Fedora-Server-DVD-x86_64-23.iso" and > "sha256sum {base_dir}/Fedora-Server-netinst-x86_64-23.iso" THEN > > ''md5sum {base_dir}/Fedora-Server-DVD-x86_64-23.iso > > /some_local_use_hash_store" and > > "md5sum {base_dir}/Fedora-Server-netinst-x86_64-23.iso > > /some_local_use_hash_store" > > however for the reasons aforementioned the official project page > will not be providing md5sums for its official General > Availability release (or any release) ISOs sorry. > > In addition failing to make available md5sum helps us prevent > being on the unlucky end of incidents like the folks that provide > Linux Mint Back in February [1] > > > > [1] http://blog.linuxmint.com/?p=2994 > > > ---Warm Regards --- Corey Sheldon P: +1 (310) 909 7672 PGP: > B54B7228 (keybase) | 5A88E539 (personal) | D2264944 (fedora) > https://gist.github.com/linux-modder/ac5dc6fa211315c633c9 > > Disclaimer: This document, including attachments, is intended for > the person(s) named within and may contain confidential and/or > legally privileged information, and may occasionally include > Intellectual Property / Embargoed Content. it is request that all > emails regardless of topic or content are regarded in this manner. > Unauthorized disclosure, copying / distribution of this information > may be unlawful and is prohibited, including unsolicited Cc/Bcc. If > you are not the intended recipient, please disregard and destroy > this message and if the recipient is known to you please inform > them, and a return email indicating a improper recipient IS > requested so that I may remove you from any lists, conversations > such error may have created / allowed. Use of OpenGPG keys are > highly encouraged my keys can be found @ hkp://keys.gnupg.net & > hkp://keys.fedoraproject.org -- websites mailing list > websites@lists.fedoraproject.org > http://lists.fedoraproject.org/admin/lists/websites@lists.fedoraprojec t.org > > - -- - --- Warm Regards --- Corey Sheldon P: +1 (310) 909 7672 PGP: B54B7228 (keybase) | 5A88E539 (personal) | D2264944 (fedora) https://gist.github.com/linux-modder/ac5dc6fa211315c633c9 Disclaimer: This document, including attachments, is intended for the person(s) named within and may contain confidential and/or legally privileged information, and may occasionally include Intellectual Property / Embargoed Content. it is request that all emails regardless of topic or content are regarded in this manner. Unauthorized disclosure, copying / distribution of this information may be
Re: Download verification broken
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 04/27/2016 09:10 PM, Dan Haskell wrote: > Downloaded iso of the server edition. Tried to verify following > instructions and failed. First your key is not certified. > >> gpg --verify-files Fedora-Server-23-x86_64-CHECKSUM > gpg: Signature made Fri 30 Oct 2015 01:31:05 PM PDT using RSA key > ID 34EC9CBA gpg: Good signature from "Fedora (23) > " [unknown] gpg: WARNING: This > key is not certified with a trusted signature! gpg: There > is no indication that the signature belongs to the owner. Primary > key fingerprint: EF45 5106 80FB 0232 6B04 5AFB 3247 4CF8 34EC > 9CBA > > Second, it appears to be the wrong key(?) > >> ls > Fedora-Server-23-x86_64-CHECKSUM Fedora-Server-DVD-x86_64-23.iso > >> sha256sum -c Fedora-Server-23-x86_64-CHECKSUM > Fedora-Server-DVD-x86_64-23.iso: OK sha256sum: > Fedora-Server-netinst-x86_64-23.iso: No such file or directory > Fedora-Server-netinst-x86_64-23.iso: FAILED open or read sha256sum: > WARNING: 20 lines are improperly formatted sha256sum: WARNING: 1 > listed file could not be read > > > Couldn't you just provide a md5sum instead? The gpg stuff is cool > and all, but when it fails... give us something to work with. > Clicked on support, but it's just a link to a BUNCH of forums. Not > helpful. > > Dan > > > -- websites mailing list websites@lists.fedoraproject.org > http://lists.fedoraproject.org/admin/lists/websites@lists.fedoraprojec t.org Dan, First > thanks for your concern and actually checking the files. 1) The not signed by a trusted signature is on your end , see the [unknown] at the end of this line: gpg: Good signature from "Fedora (23) > " [unknown] That indicates the signature is valid however is NOT in your local key-store as a trusted key (aka Set Owner Trust is set to unknown / I do not know ) As a add-on to Robert's reply: 2) the part of using a md5 from a security stance is a no-go, reason being multi-fold * md5 is known easy to spoof -- kinda defeats the purpose of using it doesn't it. * sha256 is irreversible crypto that takes Owner / time-stamp and source file and verifies all three with the generation and check. * if you wish to have a md5 for local use running (sha256sum to confirm ISOs are in fact genuine) "sha256sum {base_dir}/Fedora-Server-DVD-x86_64-23.iso" and "sha256sum {base_dir}/Fedora-Server-netinst-x86_64-23.iso" THEN ''md5sum {base_dir}/Fedora-Server-DVD-x86_64-23.iso > /some_local_use_hash_store" and "md5sum {base_dir}/Fedora-Server-netinst-x86_64-23.iso > /some_local_use_hash_store" however for the reasons aforementioned the official project page will not be providing md5sums for its official General Availability release (or any release) ISOs sorry. In addition failing to make available md5sum helps us prevent being on the unlucky end of incidents like the folks that provide Linux Mint Back in February [1] [1] http://blog.linuxmint.com/?p=2994 - ---Warm Regards --- Corey Sheldon P: +1 (310) 909 7672 PGP: B54B7228 (keybase) | 5A88E539 (personal) | D2264944 (fedora) https://gist.github.com/linux-modder/ac5dc6fa211315c633c9 Disclaimer: This document, including attachments, is intended for the person(s) named within and may contain confidential and/or legally privileged information, and may occasionally include Intellectual Property / Embargoed Content. it is request that all emails regardless of topic or content are regarded in this manner. Unauthorized disclosure, copying / distribution of this information may be unlawful and is prohibited, including unsolicited Cc/Bcc. If you are not the intended recipient, please disregard and destroy this message and if the recipient is known to you please inform them, and a return email indicating a improper recipient IS requested so that I may remove you from any lists, conversations such error may have created / allowed. Use of OpenGPG keys are highly encouraged my keys can be found @ hkp://keys.gnupg.net & hkp://keys.fedoraproject.org -BEGIN PGP SIGNATURE- Version: GnuPG v2 iF4EARYIAAYFAlcmCR0ACgkQrio19Q2QBZBngAD/eAijUyXzcD+VIRnQqZYQl4wO +otlRctOWZaXD9kOYkYA/3UO3FzBCqvhscmU8yf7UVuT9ik6DEGr4uzeJymwgcEI =ybjw -END PGP SIGNATURE- -- websites mailing list websites@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/websites@lists.fedoraproject.org
Created new templates in the wiki
Hi everybody, I don't know if my way of doing things is correct or not. Please feel free to tell me if I should do otherwise. Translating pages on the wiki, I felt it would be good to add some styling templates in order to promote consistency all along the wiki. I know that tastes and colors are debatable, thus feel also free to tell me "No. This is not convenient" . The templates I added are : https://fedoraproject.org/wiki/Template:Path https://fedoraproject.org/wiki/Template:Replace https://fedoraproject.org/wiki/Template:Clickable They are visible in action in only this page at the moment: https://fedoraproject.org/wiki/Bugs_and_feature_requests Thank you for feedback. Regards José Fournier -- websites mailing list websites@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/websites@lists.fedoraproject.org