On Monday, 21 November 2016 20:21 Aleksa Sarai wrote:
It is the "real shasum file". It also just happens to have been signed by the PGP key and contain the signature. sha256sum will exit without an error, and the warnings are just advisory -- so scripts will also have no issue with it.
It's actually similar to earlier situation when we used to have one SHA1SUMS file for the whole directory (except you got different warnings about files not found). As Andreas pointed out, we could put the signature into a separate file (say .sha256.sign) but I wonder if there would be an advantage compared to a detached signature of the iso image itself. Michal Kubeček -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org