You're supposed to check the whole ISO against the outer SHA checksum file. If you downloaded a bad/hacked ISO, it would of course validate itself correctly on the inside with an equally bad SHA256 checksum.
Den tis 25 jan. 2022 kl 16:02 skrev Russell Hyer <[email protected]>: > > Hi, > > I just rebuilt my mini laptop using the i386 image, but, when > installing the filesets, I got a warning that the SHA256.sig file was > missing, so that signify couldn't run, the error was: > > 'Directory does not contain SHA256.sig' > > (and the prompt allowed me to continue without verification or to > redownload the sets) > > Just a minor point, otherwise, reinstallation after comparison with > other bsds, shows the openbsd installer to work really very elegantly. > > Best regards, > > Russell > -- May the most significant bit of your life be positive.
