[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#47634: Accompany .asc and .DIGESTS keys for the ISO
From: |
Carlo Zancanaro |
Subject: |
bug#47634: Accompany .asc and .DIGESTS keys for the ISO |
Date: |
Fri, 09 Apr 2021 08:57:00 +1000 |
User-agent: |
K-9 Mail for Android |
On 9 April 2021 3:34:20 am AEST, bo0od <bo0od@riseup.net> wrote:
>This is nicely written by Qubes documentation:
>
>https://www.qubes-os.org/security/verifying-signatures/
From that page:
> If you’ve already verified the signatures on the ISO directly, then verifying
> digests is not necessary.
Which implies that the signatures are sufficient, right?
What is the benefit to providing the key (.asc) and hashes (.DIGESTS)? The page
you linked provides rationale for providing and checking digital signatures,
but we already provide them.
Carlo