Download manjaro and gpg security

kaChera · 4 April 2021 10:40

hi everybody, i am new here.
Thanks you all of you to keep this forum in life.

On the download page (manjaro kde iso), Security is promoted by a double check: SHA & GPG
So my question and concern about this matter:

sha1 ok, but why do not provides a sha512 hash?
gpg checking is mentionned but nowhere the “X-X-X.iso.sig” is present.
Whether to the download page or the differents pages that i have visited

so how can i be sure that the authenticity/integrity to my iso is respected during the downloading process?

Thanks

kaChera · 5 April 2021 13:39

hello, nobody so as to help me in so far as to find the gpg XXX.iso.sig file?

thank

Nachlese · 5 April 2021 14:38

https://wiki.manjaro.org/index.php?title=How-to_verify_GPG_key_of_official_.ISO_images

The link to the above page with the description how to do it is right above the diagram.
It reads:

Here you can find information how to use it.

philm · 5 April 2021 18:02

For the last ISO we only provided sha256sums. We are currently working on a way to sign our ISOs additionally.