Checksums are not GPG signed. Instructions show how to GPG verify. #183

xgpt · 2024-01-23T19:47:43Z

https://get.opensuse.org/tumbleweed/ says:

Verify Your Download Before Use

Many applications can verify the checksum of a download. To verify your download can be important as it verifies you really have got the ISO file you wanted to download and not some broken version.

For each ISO, we offer a checksum file with the corresponding SHA256 sum.

For extra security, you can use sha256sum to verify who signed those .sha256 files.

It should be [AD48 5664 E901 B867 051A B15F 35A2 F86E 29B7 00A4](https://download.opensuse.org/tumbleweed/repo/oss/gpg-pubkey-29b700a4-62b07e22.asc)

For more help verifying your download please read [Checksums Help](https://en.opensuse.org/SDB:Download_help#Checksums)

Please consider removing the GPG verification instructions, or modifying the checksums available for download to indeed be GPG signed.

The text was updated successfully, but these errors were encountered:

tacerus · 2024-07-17T12:11:12Z

The checksum files are signed using a detached signature, can you elaborate what issue you are facing?

$ curl -sL https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso.sha256.asc|head -n2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

mdogg-11 · 2024-07-17T13:33:55Z

I'm not having an issue with anything related to openSUSE on Github. Someone suggested I take a look at https://git-scm.com/book/en/v2 to help me learn what it is I should be doing. Sorry for the confusion.

--- Matt

On 2024-07-17 5:11 am, Georg wrote: The checksum files are signed using a detached signature, can you elaborate what issue you are facing? $ curl -sL https://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-DVD-x86_64-Current.iso.sha256.asc|head -n2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) -- Reply to this email directly, view it on GitHub [1], or unsubscribe [2]. You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

Links: ------ [1] #183 (comment) [2] https://github.com/notifications/unsubscribe-auth/A5PZFR223YIHJOPAM3MOQIDZMZNPVAVCNFSM6AAAAABLAP436WVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDEMZTGE3TCMBVGA

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Checksums are not GPG signed. Instructions show how to GPG verify. #183

Checksums are not GPG signed. Instructions show how to GPG verify. #183

xgpt commented Jan 23, 2024

tacerus commented Jul 17, 2024

mdogg-11 commented Jul 17, 2024 via email

Checksums are not GPG signed. Instructions show how to GPG verify. #183

Checksums are not GPG signed. Instructions show how to GPG verify. #183

Comments

xgpt commented Jan 23, 2024

tacerus commented Jul 17, 2024

mdogg-11 commented Jul 17, 2024 via email