As pointed by HW42 here the public key downloaded from here permits to do verify the ISO prior of booting the installer successfully (where downloaded key from keys.openpgp.org is not importable. Might want to document where to download public key in OP here.)
Is it normal for a download that says it’s 5.1 GB to show up as 5.4 GB after its downloaded? This has me curious. It happens with me frequently. Might be worth looking into, might be paranoia. Anyone wanna take a guess?
this can happen because some software counts kilo, mega, gigabytes by multiples of 1000, other 1024, and it can also vary depending on the blocksizes of the filesystem the file is stored on.
either way, it is always good to check via pgp signatures, or at least checksums like sha256 or sha512, e.g. sha256sum Qubes-20210904-kernel-latest-x86_64.iso
Thanks for the reply
It would be nice then if it could be added to the GPG keys of Qubes Security Pack on Github so we’d have another place to verify it from.
Still not finished, we are still debugging new 4.2 with dom0 being Fedora 37. We had an unexpected series of issues with installer and other stuff that took us more time than expected. I’ve setup weekly builds for 4.2 already and there exist some ISO uploaded to openqa by @marmarek. Next run is on Thursday so I would announce it.