Download manjaro and gpg security

hi everybody, i am new here.
Thanks you all of you to keep this forum in life.

On the download page (manjaro kde iso), Security is promoted by a double check: SHA & GPG
So my question and concern about this matter:

  1. sha1 ok, but why do not provides a sha512 hash?
  2. gpg checking is mentionned but nowhere the “X-X-X.iso.sig” is present.
    Whether to the download page or the differents pages that i have visited

so how can i be sure that the authenticity/integrity to my iso is respected during the downloading process?


hello, nobody so as to help me in so far as to find the gpg XXX.iso.sig file?


The link to the above page with the description how to do it is right above the diagram.
It reads:

Here you can find information how to use it.

For the last ISO we only provided sha256sums. We are currently working on a way to sign our ISOs additionally.