The iso checksums file of the Live Media, is not signed with gpg.
Thus I cannot verify whether the checksums are authentic or forged.
Pls publish a signed checksums file.
Best regards
Hi Janalma,
It appears that the checksum file for the Live ISO’s has a detached GPG Signature.
You can find it at: https://vault.almalinux.org/10.0/live/x86_64/CHECKSUM.asc (for the X86_64 version, but they’re also in the appropriate directories for the X86_64_v2 and aarch64 architectures too.
Once you’ve imported the correct gpg key (fingerprint: EE6D B7B9 8F5B F5ED D9DA 0DE5 DEE5 C11C C2A1 E572) and downloaded that CHECKSUM.asc signature to the same directory as your CHECKSUM file, gpg verification is straightforward.
Good luck & kind regards.
Ty. The checksum checks out.
I got the GPG public key from ChatGPT already.
Ty