Hi all, I was wondering if anyone knows how the checksums in fedora-package-announce are produced? Can they be used to verify packages as an alternate to yum/GPG signature check? I thought that they were sha1, but I must be doing something wrong. (See below) --------------------------------------------------------------------------------------------------------- Here a the first few updates I looked at (released September 4th): I used the first mirror that I found that was actually in sync with the updates (had the right package names): http://ftp.usf.edu/pub/fedora/linux/updates/7/i386/ -- (These are the fedora-package-announce numbers) 877b9725be7f88f7b04d4c050826ccb11a48d610 cobbler-0.6.1-2.fc7.noarch.rpm df1fdbbd04cb627d8da4b35137f8202ecc5b1107 koan-0.6.1-2.fc7.noarch.rpm e5c73ed05de385803221079ef1c5cb7598dc5a1b selinux-policy-targeted-2.6.4-40.fc7.noarch.rpm 8ad9fee1027d6a46aea37c0cf13b38f5cdbff4ab system-config-network-tui-1.3.95.2-1.fc7.noarch.rpm 50f932cde860b8f45cf2115261de6fa38bff08b9 system-config-network-1.3.95.2-1.fc7.noarch.rpm (The results of running sha1sum on these packages after downloading) 8edb40e5e6c2e7529ae5ef4992cfb7b41f807ad3 cobbler-0.6.1-2.fc7.noarch.rpm 17f69d566a7f7d1082f0737de04a834a22af6a27 koan-0.6.1-2.fc7.noarch.rpm 5f591847f69befc19c36d54926d5e0e1a3797ea9 selinux-policy-targeted-2.6.4-40.fc7.noarch.rpm 6782360d18754aa6cf516eafb794ca0d5b35f961 system-config-network-tui-1.3.95.2-1.fc7.noarch.rpm c29cecf368e176b0c0521afb93e35004f7503694 system-config-network-1.3.95.2-1.fc7.noarch.rpm ---------------------------------------------------------------------------------------------------------- I've tried to find some information on the Package Update Release process in the Fedora Project Wiki, and posted to Fedora Forum, but I haven't been able to resolve this so far. Thanks. William Womack
