From Mageia wiki
If you're looking for me on IRC look for MrsB
How to verify the integrity of an ISO..
$ gpg --keyserver pgp.mit.edu --recv-keys EDCA7A90 gpg: requesting key EDCA7A90 from hkp server pgp.mit.edu gpg: key EDCA7A90: public key "Mageia Release <release@mageia.org>" imported gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: next trustdb check due at 2017-07-17 gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) $ gpg --verify Mageia-5-RC-x86_64-DVD.iso.md5.gpg gpg: Signature made Sat 25 Apr 2015 19:11:23 BST using RSA key ID EDCA7A90 gpg: Good signature from "Mageia Release <release@mageia.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: B210 76A0 CBE4 D93D 66A9 D08D 835E 41F4 EDCA 7A90 The warning about trusted signature is normal. $ md5sum -c Mageia-5-RC-x86_64-DVD.iso.md5 Mageia-5-RC-x86_64-DVD.iso: OK
