Hi @iwalker,
Thanks for your reply.
My understanding is that it is important to verify the CHECKSUM file.
Many distros provide instructions on how to verify using a signature.
Eg Alma provides this in their 9.0 release notes:
Download and verify a checksums list:
$ gpg --verify CHECKSUM
Also other users of Rocky have asked how to do this for previous versions such as
And a solution was determined.
And the CHECKSUM.sig file was available for earlier versions of Rocky.
I am wondering why this file has not been made available for 9.0, and also why Rocky does not include verification instructions of the checksum file in release notes?