On Nov 21 2016, Aleksa Sarai <asarai@suse.de> wrote:
It is the "real shasum file". It also just happens to have been signed by the PGP key and contain the signature. sha256sum will exit without an error, and the warnings are just advisory -- so scripts will also have no issue with it.
It's actually _less safe_ to "just have a .sha256" because it will mean that you cannot be sure that your local mirror isn't replacing the ISOs with malware.
The signature could also be detached. Andreas. -- Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different." -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org