21 Nov
2016
21 Nov
'16
02:59
On 11/20/2016 09:48 PM, Karl Cheng wrote:
Is this expected? Yes, this is expected, there is an embedded PGP signature in the .sha256 file which `shasum` does not recognise.
This can be used to verify that the .sha256 file did indeed come from openSUSE rather than some other malicious source.
A little more info about that would have been useful. I would expect a file called sha256, next to an ISO, to be the shasum of that ISO and nothing else. And where on that download page is the real shasum file? I had to go to the mirror page to find it. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org