Hi,
Myself seriously considers to start Manjaro use. I’m happy to had found this distro.
Installer .iso has been downloaded, also signature file.
How to find public yet valid keys of developers for use in that check?
There exists one wiki referring to Philip Müller, his public key of some hash.
However there are still open questions.
How to see public key presented in wiki I mean is Philip’s valid key?
Where to find keys of other developers - as wiki means key of any developer can be used?
References:
wiki: How-to verify GPG key of official .ISO images
Thanks for message from you.
I am not sure how it resolves my questions:
How to find public yet valid keys of developers for use in that check?
How to see public key presented in wiki I mean is Philip’s valid key?
Where to find keys of other developers - as wiki means key of any developer can be used?
According to wiki public key of any developer can be used.
Myself grabbed for signature file at Manjaro GNOME download web page.
Isn’t it coincidentally checking some local storage? Will desired public keys be populated to storage addressed on default?
Same questions regarding next feedback. Also, following applies: you kindly propose use one single source. It wasn’t shown how to verify the only used source provides with true and valid data? Some additional yet trustful reference source is needed to verify.
What have all guys going to start to use Manjaro in common?
Yes, they have no Manjaro.
They can’t use Manjaro to check downloaded iso to be authentic.
Wiki still helps however not to everyone. For those in situation as addressed here it’s gappy.
Also your kind last hint.