You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Would it be possible to show SHA256 checksum and detached GPG signature files on the website for Pop!_OS ISO's?
From Reddit, in Source 1, the SHA256 checksums are mentioned to be saved in a separately generated SHA256SUMS file; while in Source 2 there is mention of additional safety in using GPG verification:
Using this, it's possible to deduce the SHA256SUMS and detached GPG signature SHA256SUMS.gpg exist in the same directory of any chosen ISO on the Pop!_OS site, as shown in this gist that goes through how to check the integrity and authenticity any downloaded Pop!_OS ISO.
This would be in line with Linux Mint's doc page for pre-install checks on downloaded ISO's.
So, the infrastructure for GPG verification exists, though it would be a bit easier if the detached checksums and GPG signatures were included with the Pop!_OS downloads for those who know &/or are able to use GPG verification. I'm aware this doesn't solve all security issues and is advanced for most Pop!_OS users. If there is a concern that this would also need in the installation documentation, I'd be willing to propose simply worded documentation.
The text was updated successfully, but these errors were encountered:
Would it be possible to show SHA256 checksum and detached GPG signature files on the website for Pop!_OS ISO's?
From Reddit, in Source 1, the SHA256 checksums are mentioned to be saved in a separately generated
SHA256SUMSfile; while in Source 2 there is mention of additional safety in using GPG verification:Using this, it's possible to deduce the
SHA256SUMSand detached GPG signatureSHA256SUMS.gpgexist in the same directory of any chosen ISO on the Pop!_OS site, as shown in this gist that goes through how to check the integrity and authenticity any downloaded Pop!_OS ISO.This would be in line with Linux Mint's doc page for pre-install checks on downloaded ISO's.
So, the infrastructure for GPG verification exists, though it would be a bit easier if the detached checksums and GPG signatures were included with the Pop!_OS downloads for those who know &/or are able to use GPG verification. I'm aware this doesn't solve all security issues and is advanced for most Pop!_OS users. If there is a concern that this would also need in the installation documentation, I'd be willing to propose simply worded documentation.
The text was updated successfully, but these errors were encountered: