Is there a guide for verifying the PGP signatures? For example, if one looks at this webpage you'll notice at the bottom there are sha256sums
sha256sums.asc
and sha256sums.sig
Generally I would download sha256sums
and sha256sums.asc
and then run gpg --verify sha256sums.asc sha256sums.txt
to confirm the validity.
What is sha256sums.sig
used for?