To check a Linux ISO image integrity, is the sha256 sum better than PGP fingerprint, or vice-versa, and why ?
Thanks,
They serve different purposes: a SHA256 checksum only verifies the integrity of the file, while a PGP signature verifies both the integrity and authenticity (i.e. it is from the developer). Ideally, you should get the file and corresponding PGP fingerprint/checksum from two different places.
2 Likes