30.12.2020 06:00, Carlos E. R. пишет:
On 30/12/2020 00.28, Adrien Glauser wrote:
Hello Marcus,
Thanks for stepping in. From your instructions plus some digging I was able to successfully authenticate the sha256 file I was testing.
Nonetheless I think it's quite difficult for the new user (and I consider myself as such as far as this topic) to identify the recipe for authenticating sha256 files associated with our ISO images. In particular it's not trivial to identify the relevant .asc gpg signature that needs to be used to verify arbitrary images. In our toy example, the file at http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-KDE-Live-x86... is neither referenced or talked about anywhere from https://software.opensuse.org/distributions/tumbleweed. Only openSUSE's gpg public key is.
Example in wiki (which is linked from software.o.o) mentions it, at least if you are lucky to be redirected to English version, but you really need to know what it is, so it is not helpful for most users.
https://www.opensuse.org/ Install Tumbleweed links to: https://software.opensuse.org/distributions/tumbleweed
Down the page, see paragraph «Verify Your Download Before Use» which mentions "For more help verifying your download please read Checksums Help" which links to https://en.opensuse.org/SDB:Download_help#Checksums which also mentions the GPG procedure, and gives an example for Tumbleweed Netinstall.
I have not verified if the instructions are still correct
They are incomplete and do not match TW which changed from inline to detached signature. Moreover, example suddenly lists *.asc file although this file is not mentioned anywhere in description before. And even if wiki is corrected it does not change the fact that software.o.o does not link to *asc file. And that is where users expect to find all relevant links.
or if they match your experience.