ISO images authenticity check: Signature does not check and no detached signature

A user brought to my attention that the gpg public key we provide (0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284) does not allow to gpg verify the checksum files associated with our ISO images. For instance, the checksum file at http://download.opensuse.org/tumbleweed/iso/openSUSE-Tumbleweed-KDE-Live-x86... will not be verified by `gpg --verify <iso dot sha256 dot file>`. As far as I understand, a detached signature file could be an alternative, using this time `gpg --verify <detached signature file> <iso dot sha256 dot file>`, but we won't provide one either. Does it mean that users cannot verify the authenticity of our ISO images as of now? Best, Adrien