On Mon, 3 Oct 2016 16:13:03 -0700 (PDT), jkitt <jazzkitte...@gmail.com> wrote:
> On Saturday, 1 October 2016 14:07:32 UTC+1, Arqwer wrote: > > Documentation says to check digests after I verified an .iso with > > gpg. Why? Doesn't correct PGP signature mean, that .iso is good and > > came from Qubes developers? > > Yes it does. Normally distros sign the digest. Qubes signs the iso. To be precise: Qubes signs both, the iso and the digest. -- yaqu -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20161004090647.F2DBF205303%40mail.openmailbox.org. For more options, visit https://groups.google.com/d/optout.