On Mon, Nov 21, 2016 at 12:53 PM, Michal Kubecek wrote:
As Andreas pointed out, we could put the signature into a separate file (say .sha256.sign) but I wonder if there would be an advantage compared to a detached signature of the iso image itself.
Exactly. A detached signature is hash + proof that it has not been tampered with, which is exactly what we have here - but a detached signature has the advantage that it makes it clear what it is and how to verify it. I'm not sure how easy it is to compare a detached signature on Windows as compared with a plain hash; but the current file requires manual intervention on Windows as well as proving to be confusing even for Linux users ...