Is there a guide for verifying the PGP signatures? For example, if one looks at this webpage you'll notice at the bottom there are
Generally I would download
sha256sums.asc and then run
gpg --verify sha256sums.asc sha256sums.txt to confirm the validity.
sha256sums.sig used for?