On Mon, 3 Oct 2016 16:13:03 -0700 (PDT), jkitt <jazzkitte...@gmail.com>

> On Saturday, 1 October 2016 14:07:32 UTC+1, Arqwer  wrote:
> > Documentation says to check digests after I verified an .iso with
> > gpg. Why? Doesn't correct PGP signature mean, that .iso is good and
> > came from Qubes developers?
> Yes it does. Normally distros sign the digest. Qubes signs the iso.

To be precise: Qubes signs both, the iso and the digest.


You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
For more options, visit https://groups.google.com/d/optout.

Reply via email to