Hi, I want to verify the authenticity of OpenSUSE stable release and development release CD and DVD images. In the security announcement under "Authenticity Verification and Additional Information" it indicates that: "SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature." I can verify the security announcement letter. I would like to verify the OpenSUSE stable release and development release CD and DVD images that you can download from the web and mirror sites. Why not put the MD5 with each CD and DVD image that you can download along with a signature to verify it with? Also, why not put the public key number that is used to sign each release and distribution on the download pages so that it is easy to find. I was able to find a "SuSE Package Signing Key" and verify its authenticity, but it was not the same key used on the release(s). Please advise on what I can do to verify the authenticity of OpenSUSE stable and development releases on CD and DVD? Thanks! --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org