Re: Creating a trusted sha256sum.exe binary for verifying *-CHECKSUM files on Windows

2009-11-24 Thread Bruno Wolff III
On Tue, Nov 24, 2009 at 10:33:16 -0500, Todd Zullinger wrote: > > What I'm here for is to gather ideas for how to properly go about > building the mingw32-sha256sum and keeping it around so that when I > extract the sha256sum.exe and upload it to fedoraproject.org we will > have the koji built

Re: Creating a trusted sha256sum.exe binary for verifying *-CHECKSUM files on Windows

2009-11-24 Thread Todd Zullinger
Allen Kistler wrote: > I have the same opinion of signing the page with the hashes. The pages > that list the hashes for F12 are: > > https://fedoraproject.org/static/checksums/Fedora-12-i386-CHECKSUM > https://fedoraproject.org/static/checksums/Fedora-12-x86_64-CHECKSUM > > They are PGP-signed us

Re: Creating a trusted sha256sum.exe binary for verifying *-CHECKSUM files on Windows

2009-11-24 Thread Allen Kistler
Jesse Keating wrote: > Well, if you have to use a tool from the project, to verify other bits > from the project, the verification just became a lot less trusted. If > you don't trust the bits you got from the project, why would you trust > the tool the project gives you to verify the bits? "Here

Re: Creating a trusted sha256sum.exe binary for verifying *-CHECKSUM files on Windows

2009-11-24 Thread Todd Zullinger
Jesse Keating wrote: > I agree, I just wanted to point out the catch-22. Heh. I'm sorry if I came off a bit defensive. :) -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~ The most overlooked advantag

Re: Creating a trusted sha256sum.exe binary for verifying *-CHECKSUM files on Windows

2009-11-24 Thread Jesse Keating
On Tue, 2009-11-24 at 13:06 -0500, Todd Zullinger wrote: > I believe that providing a sha256sum.exe via https://fp.o/ is surely > an improvement over "Download the .iso and hope it works or check it > with some third-party checksum tool that we can't even hope to > verify." I agree, I just wanted

Re: Creating a trusted sha256sum.exe binary for verifying *-CHECKSUM files on Windows

2009-11-24 Thread Todd Zullinger
Jeroen van Meeuwen wrote: > The goal is, of course, to verify the .iso against what is listed as > its sha256sum. Whether the tools ultimately come from the same > source doesn't matter. It should, though, be advisable to not > include the sha256sum.exe on the mirrors, and only serve the file > ov

Re: Creating a trusted sha256sum.exe binary for verifying *-CHECKSUM files on Windows

2009-11-24 Thread Todd Zullinger
Jesse Keating wrote: > Well, if you have to use a tool from the project, to verify other > bits from the project, the verification just became a lot less > trusted. If you don't trust the bits you got from the project, why > would you trust the tool the project gives you to verify the bits? > "Her

Re: Creating a trusted sha256sum.exe binary for verifying *-CHECKSUM files on Windows

2009-11-24 Thread Jeroen van Meeuwen
On 11/24/2009 05:25 PM, Jesse Keating wrote: > On Tue, 2009-11-24 at 10:33 -0500, Todd Zullinger wrote: >> (I really don't want to maintain the mingw32-sha256sum package for >> Fedora, as it's just a quick and dirty hack to build a small subset of >> coreutils for Windows.) >> >> Thoughts? > >

Re: Creating a trusted sha256sum.exe binary for verifying *-CHECKSUM files on Windows

2009-11-24 Thread Stephen John Smoogen
On Tue, Nov 24, 2009 at 9:25 AM, Jesse Keating wrote: > On Tue, 2009-11-24 at 10:33 -0500, Todd Zullinger wrote: >> Some of you might be aware that the instructions for verifying our >> *-CHECKSUM files on Windows have been broken since we moved to SHA256. >> Previously, we linked users to a sha1s

Re: Creating a trusted sha256sum.exe binary for verifying *-CHECKSUM files on Windows

2009-11-24 Thread Jesse Keating
On Tue, 2009-11-24 at 10:33 -0500, Todd Zullinger wrote: > Some of you might be aware that the instructions for verifying our > *-CHECKSUM files on Windows have been broken since we moved to SHA256. > Previously, we linked users to a sha1sum.exe built by the GnuPG > project. With SHA256, we don't

Creating a trusted sha256sum.exe binary for verifying *-CHECKSUM files on Windows

2009-11-24 Thread Todd Zullinger
Some of you might be aware that the instructions for verifying our *-CHECKSUM files on Windows have been broken since we moved to SHA256. Previously, we linked users to a sha1sum.exe built by the GnuPG project. With SHA256, we don't have that ability. Fortunately, the good folks working on MingW