Wrong sig and sha1-files for manjaro-kde-21.3.7 on website


I’m not sure if this is the right place for this, so please move this post if necessary.

I’ve just downloaded the latest manjaro-kde iso which is manjaro-kde-21.3.7.
Then I wanted to verify my download (sha1 and sig), but the linked files on the website are for manjaro-kde-21.3.6.

It would be very nice if somebody could correct the sha1- and sig-download.

Thank you!

These are incorrect from Manjaro Downloads ?


$ LANG=C sha1sum --strict --check manjaro-kde-21.3.7-220816-linux515.iso.sha1
manjaro-kde-21.3.7-220816-linux515.iso: OK

$ LANG=C gpg --verify manjaro-kde-21.3.7-220816-linux515.iso.sig
gpg: assuming signed data in 'manjaro-kde-21.3.7-220816-linux515.iso'
gpg: Signature made Tue Aug 16 14:53:56 2022 CEST
gpg:                using RSA key 3B794DE6D4320FCE594F4171279E7CF5D8D56EC8
gpg: Good signature from "Manjaro Build Server <build@manjaro.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3B79 4DE6 D432 0FCE 594F  4171 279E 7CF5 D8D5 6EC8

When I visited Manjaro Downloads the last time to download the files, I got:


I reloaded the website before downloading, but perhaps there was a caching-issue on my machine…
However, the links are correct.

Sorry for my mistake.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.