On 11/21/2016 09:51 AM, Per Jessen wrote:
It's not what I expected. I ran into the same thing, but was able to
find the correct shasum on the mirror page. Hi James,
I have not done it for the longest time, but we used to be able to just use the checksumming utility to also check the sums - i.e. md5sum or sha1sum. There also used to be complete listings named 'MD5SUMS' resp. 'SHA1SUMS' of all checksums of all files , but they disappeared at some point.
The PGP signature is new as of Leap421, up until 13.2, the checksum was not signed. I don't know the reason for this change.
Regardless of the reason, people shouldn't be left with a WTF??? experience, as is happening with this. If this is the new method, it should be clearly documented. Like you, I'd download an ISO and the md5sum file and then run md5sum -c against the md5sum file. IIRC, at one point, the md5sum file contained the md5sum for all the ISOs available and you could download more than one ISO and check them all with just one md5sum -c command. Incidentally, in the late 90s, I worked at IBM Canada, as a product specialist. I provided 3rd level support for OS/2 and some Windows apps. In that role, I created a lot of documentation for users or other support staff. A situation such as this would not have been tolerated. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org