update readme for clarity

This commit is contained in:
Louis Abel 2022-07-22 19:33:32 -07:00
parent c7c2ff18f3
commit a8af3b3a9b
Signed by: label
GPG Key ID: B37E62D143879B36

View File

@ -1,5 +1,4 @@
checksums # checksums
---------
This repository contains checksums for images, ISO's, and so on for Rocky Linux. This repository contains checksums for images, ISO's, and so on for Rocky Linux.
They are sorted by version into various directories. They are sorted by version into various directories.
@ -10,3 +9,32 @@ They are sorted by version into various directories.
| rocky-linux-9 | Rocky Linux 9 | | rocky-linux-9 | Rocky Linux 9 |
| rocky-linux-rc | Rocky Linux Release Candidates | | rocky-linux-rc | Rocky Linux Release Candidates |
| images | Rocky Linux Images per release | | images | Rocky Linux Images per release |
This repository is mirrored here: https://git.resf.org/rocky-linux/checksums
# Why this repository?
One of the goals of this repository is to be a main point of reference for all
checksums for our images, regardless of release. It can also be a historical
reference as well because all versions will be available.
This repository is also a result of the following things:
* Keykeeper (part of the peridot build system) does not sign arbitrary files
or artifacts outside of the build system
* We are planning to move Rocky Linux 8 into the new build system, and along
with it, the keys that sign the packages and repository metadata
* Some users would rather have a place they can go to that is outside of the
mirror(s) to verify the signatures are valid and the checksums actually match
what they claim.
# So the commits are signed, how do I verify?
To verify our signature, click on "commits", click on the green "Verified"
button where you will see a GPG key ID. You can then search for this ID at
any of the following:
https://keys.openpgp.org
https://keyserver.ubuntu.com