Am Dienstag, 3. August 2021, 23:43:14 CEST schrieb cagsm: See: https://en.opensuse.org/SDB:Download_help#Checksums Stephan
hello list,
just came across when trying to download leap 15.3 iso bits, that the most or all of the .sha256 files are unsigned simple text files only.
i still remember these sha256 files being some kind of pgp gpg wrapped textfiles with the suse project signing them for legitimacy. am i mistaken?
also the main opensuse.org download page and area speaks exactly about verifying the bits and the full length pgp gpg fingerprint for that signing key one should be verifying.
<https://get.opensuse.org/leap#download> ----------------- Verify Your Download Before Use Many applications can verify the checksum of a download. To verify your download can be important as it verifies you really have got the ISO file you wanted to download and not some broken version.
For each ISO, we offer a checksum file with the corresponding SHA256 sum.
For extra security, you can use GPG to verify who signed those .sha256 files.
It should be 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284 -----------------
then i went to download.opensuse.org and the leap 15.2 area and tried there, and the or some .sha256 files for the e.g. x64 iso on that leap level and release are actually signed
what happen? :(
--------------- cat openSUSE-Leap-15.3-NET-x86_64-Current.iso.sha256 54fb3a488e0fececf45cdaeefaccfb64437745da4b1ca444662e3aac20cf37b5 openSUSE-Leap-15.3-NET-x86_64.iso
cat openSUSE-Leap-15.3-DVD-x86_64-Current.iso.sha256 0deae0b74953acd951150ae9567e098d450f2ae91b2d0c0a610b9d934f91c7b1 openSUSE-Leap-15.3-DVD-x86_64.iso
cat openSUSE-Leap-15.2-DVD-x86_64.iso.sha256