On Tue, Jun 16, 2009 at 5:17 PM, Todd Zullinger <tmz@xxxxxxxxx> wrote:
Is there a sha256sum for the GPG signature of the sha256sum of the files???
Sorry, couldn´t resist. ;<VBG>
FC
Aldo Foot wrote:At the risk of causing more confusion, I don't think that's correct.
> The filename "Fedora-11-i386-CHECKSUM" is arbitrary. You can call it
> anything you want as long as it has the contents of the GPG key
> provided by the distro[1], just click on the checksum link and copy
> its contents to a text file.
>
> [1] http://mirrors.kernel.org/fedora/releases/11/Fedora/i386/iso/
The contents of the GPG key are _not_ included in the *CHECKSUM files.
The contents are the sha256sum hashes of the files in release, and
they are signed with gpg so that you can first verify that the
CHECKSUM file came from the Fedora Project and then feel confident
using the file to verify the checksums of the .iso files.
Is there a sha256sum for the GPG signature of the sha256sum of the files???
Sorry, couldn´t resist. ;<VBG>
FC
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
