Hi guys,

I downloaded Fedora 10 from a seemingly indisputable source (see below) but its md5 checksum don't parse. I've downloaded dozens of distros via torrents for test purposes and this is the first time I've had a checksum error, so I thought I'd better report it here for want of knowledge of anywhere better to do so. I'd be interested to hear your comments.

I "may not post attachments" so please excuse my methodology on that ground!

The link is: http://torrent.fedoraproject.org/ and it's the second choice down labelled as:

Fedora-10-x86_64-DVD.torrent

The published checksums are:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

f1e5ae7db6a1ba227de7294c4112385922388648 *Fedora-10-x86_64-DVD.iso
6cf420f59d6fbdea0465d56a5b471b9b64b3ff1b *Fedora-10-x86_64-disc1.iso
58cca47bde8d7c4a386f4c640b860f6c90318b42 *Fedora-10-x86_64-disc2.iso
06f2d17dfeedc1271bfe0c0fdd0dc6932a4ac78e *Fedora-10-x86_64-disc3.iso
9f7db6d556c6ae0c07bf23b634dc123b02446b91 *Fedora-10-x86_64-disc4.iso
5ca6588463ccedbbaad12812036c284c0fb45af6 *Fedora-10-x86_64-disc5.iso
8371499f3ddc37e153904c1bbf1f8b957126705d *Fedora-10-x86_64-disc6.iso
e52146c9901dc3c58a68a5b5ef2c41baf4f68cf5 *Fedora-10-x86_64-netinst.iso
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFJJZ/dvyJvzE6/wnMRAukaAJ9si4bQQMy2ZKwggJbhpSPBhxvc1QCgi8Te
h+GYpFeKg4U2Al2zntKtiIA=
=LlnP
-----END PGP SIGNATURE-----


However, the checksum I get from the downloaded file is:

b33fe30d7055e14a705d5ef754acf438

Which is nothing like any of the above.

Observations please, gentlemen!

CC.

How did you compute the checksum? It looks like you've used md5sum instead of sha1sum.

Using WinMD5sum. What's the problem?

The problem is those aren't MD5 hashes. They are SHA1 hashes.

You can look for the File Checksum Integrity Verifier utility on the MS support site. It manages both the algorithms.

Ah, well that would explain it. Thanks, guys.

CC.