Currently on the Leap 42.1 page, we provide just the key fingerprint
and don't also provide the whole key (for the super paranoid). However,
given the fact that people have concerns about key fingerprints in
general we should also provide a link (served over TLS) to a copy of
the openSUSE project signing key. The same goes for the Tumbleweed and
Leap 42.2 download pages.
As a separate issue, the .sha256 files for Tumbleweed don't use the same
filename as the download. This is a minor issue, but it means that you
have to rename the downloaded file so you can do the regular `sha256sum
-c && gpg --verify` workflow.
Software Engineer (Containers)
SUSE Linux GmbH
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org