Hello,
I have downloaded manjaro-lxqt-20.2-201130-linux59.iso. When I verify the signature everything looks fine: (I renamed the signature file)
gpg --verify manjaro-lxqt-20.2-201130-linux59.iso.sig manjaro-lxqt-20.2-201130-linux59.iso
Signature made ma 30 nov 2020 12:39:14 CET
gpg: using RSA key 3B6B8D2B9293A297E1DD1F9E7605992471F3F073
gpg: Good signature from “Frede Hundewadt fh@manjaro.org” [unknown]
However the sha1sum does not match. I get:
sha1sum manjaro-lxqt-20.2-201130-linux59.iso
1ed18d0593f40aa34349183e6d2f515e8ac51c0b manjaro-lxqt-20.2-201130-linux59.iso
While the shasum on the site is:
a3d4d2861caaa12fea00dfc9613236d08ce87c27
I have redownloaded the iso and tested again with the same result.
anyhow I don’t see how a corrupt iso file could have a correct signature.
I’ve also downloaded manjaro-architect and checked it the same way.
There the shasum and signature were both correct. I did this to see if I made a mistake with shasum.
Could you please check this,
Thanks.