Raspberry Pi images GPG Signatures Not Available

Any reason why there are no gpg signatures available for the raspberry pi images?

Signature Not Available.

Our ARM Team is currently :zzz: :bed: :first_quarter_moon_with_face: but they will respond to you tomorrow as I’ve reclassified your question into the ARM category!

:+1:

2 Likes

It’s better to go to the source.

2 Likes

Thanks!

Created a GitHub issue for it: No GPG signatures for the Raspberry Pi images · Issue #8 · manjaro-arm/rpi4-images · GitHub

1 Like

There is no GPG signature available, because the current CI infrastructure is not really making it possible to gpg sign our images in the CI.

But there are sha1 checksums, which should be used to verify that the image is actually complete and correct.

3 Likes
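
The checksum verification mentioned in the reply above, as an added example that is not part of the thread or Manjaro ARM's own tooling. It assumes the checksum is published in `sha1sum` output format; the file name and image bytes are constructed. It detects an incomplete or corrupted download and does not establish who published the image, which is what a signature is for.

```python
import hashlib
import hmac
import os
import tempfile


def expected_digest(checksum_text, image_name):
    """Find image_name in sha1sum-style text ("<hex>  <name>"); None if absent."""
    for line in checksum_text.splitlines():
        parts = line.strip().split(None, 1)
        # sha1sum marks binary mode with a leading '*' on the file name.
        if len(parts) == 2 and os.path.basename(parts[1].lstrip("*")) == image_name:
            return parts[0].lower()
    return None


def sha1_of_file(path, chunk_size=1 << 20):
    """Hash in chunks so a multi-gigabyte image is never loaded whole."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_image(image_path, checksum_text):
    """Return 'ok', 'mismatch' or 'no-entry' for the image against the list."""
    want = expected_digest(checksum_text, os.path.basename(image_path))
    if want is None:
        return "no-entry"
    return "ok" if hmac.compare_digest(sha1_of_file(image_path), want) else "mismatch"


def demo():
    """Constructed sample: a stand-in image, then a truncated copy of it."""
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "example-rpi4.img.xz")  # hypothetical file name
        data = b"constructed image bytes " * 4096
        with open(image, "wb") as f:
            f.write(data)
        listing = hashlib.sha1(data).hexdigest() + "  example-rpi4.img.xz\n"
        complete = verify_image(image, listing)
        with open(image, "wb") as f:  # simulate an interrupted download
            f.write(data[: len(data) // 2])
        truncated = verify_image(image, listing)
        missing = verify_image(image, "0" * 40 + "  other.img.xz\n")
    return complete, truncated, missing
```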

Hi @Strit

I understand this. Perhaps it’s useful to mention this on the download page. Currently, there are signatures available for the “older” images (21.06) for the other ARM devices with a “be secure” message.

When I put on my security hat, SHA1 is “good enough” to verify the download, but it isn’t considered a secure hash.

Anyway thanks for your nice work for the ARM releases!