Re: [qubes-users] Why should I verify digests, if I already checked PGP signatures?

2016-10-01 Thread Andrew David Wong
On 2016-10-01 09:36, Chris Laprise wrote:
> On 10/01/2016 09:07 AM, Arqwer wrote:
>> Documentation says to check digests after I verified an .iso with gpg. Why?
>> Doesn't a correct PGP signature mean that the .iso is good and came from Qubes
>>

Re: [qubes-users] Why should I verify digests, if I already checked PGP signatures?

2016-10-01 Thread Chris Laprise
On 10/01/2016 09:07 AM, Arqwer wrote:
> Documentation says to check digests after I verified an .iso with gpg. Why? Doesn't a correct PGP signature mean that the .iso is good and came from Qubes developers?

It's really an alternative to gpg verification, not an additional step. The doc doesn't

[qubes-users] Why should I verify digests, if I already checked PGP signatures?

2016-10-01 Thread Arqwer
Documentation says to check digests after I verified an .iso with gpg. Why? Doesn't a correct PGP signature mean that the .iso is good and came from Qubes developers?