Checksums are not GPG signed. Instructions show how to GPG verify. #183
Description
https://get.opensuse.org/tumbleweed/ says:
Verify Your Download Before Use
Many applications can verify the checksum of a download. To verify your download can be important as it verifies you really have got the ISO file you wanted to download and not some broken version.
For each ISO, we offer a checksum file with the corresponding SHA256 sum.
For extra security, you can use sha256sum to verify who signed those .sha256 files.
It should be [AD48 5664 E901 B867 051A B15F 35A2 F86E 29B7 00A4](https://download.opensuse.org/tumbleweed/repo/oss/gpg-pubkey-29b700a4-62b07e22.asc)
For more help verifying your download please read [Checksums Help](https://en.opensuse.org/SDB:Download_help#Checksums)
Please consider removing the GPG verification instructions, or modifying the checksums available for download to indeed be GPG signed.