Note that digests are an alternative verification method

This commit is contained in:
Andrew David Wong 2016-10-01 12:25:43 -07:00
parent a2cbc7d5d2
commit 7fb60a67b2
No known key found for this signature in database
GPG Key ID: 8CE137352A019A17

View File

@ -188,10 +188,15 @@ release signing key and see this thread:
Verifying Digests Verifying Digests
----------------- -----------------
Each ISO is accompanied by a plain text file ending in `.DIGESTS`. This file Each ISO is also accompanied by a plain text file ending in `.DIGESTS`. This
contains the output of running several different crytographic hash functions on file contains the output of running several different crytographic hash
the ISO in order to obtain alphanumeric outputs known as "digests." For functions on the ISO in order to obtain alphanumeric outputs known as "digests."
example, `Qubes-R3.1-x86_64.iso` is accompanied by These digests are provided as an alternative verification method to PGP
signatures (though the digests themselves are also PGP-signed -- see below). If
you've already verified the signatures on the ISO directly, then verifying
digests is not necessary.
For example, `Qubes-R3.1-x86_64.iso` is accompanied by
`Qubes-R3.1-x86_64.iso.DIGESTS` which has the following content: `Qubes-R3.1-x86_64.iso.DIGESTS` which has the following content:
-----BEGIN PGP SIGNED MESSAGE----- -----BEGIN PGP SIGNED MESSAGE-----