Re: the archlinux torrent

[mpan <archml-y1vf3axu@xxxxxxx>]

  If the SHA-256 hash agrees, the file did not sustain any damage in 
transit. It does not matter how unreliable your connection is. If the 
file seen any unintentional, random changes, SHA-256 would not agree. 
The same holds for SHA-1, which is checked by torrent clients.⁽¹⁾ Your 
file is not damaged.

  Hypothetically you may be falling victim to a malicious agent, but 
the picture I see does not put this scenario among most likely 
explanations of your trouble. I absolutely support you wish to do proper 
security, but I believe this will not lead to overcoming the problem.

  To resolve the issue, we need to know, what exactly happens and 
where. What command do you execute, at which stage of the installation 
(please refer to the specific part of the Arch Wiki), what are the 
errors? “failure to install with all manner of python errors before I 
tried to get the signature and verify the disk” is not only letting us 
understand, what is happening. It is making things confusing, because 
signature verification is done before Arch ISO is even used.

  As for errors from `gpg --verify`: is this the actual, exact error 
message gpg printed? If not, in future please do not paraphrase errors: 
it really makes helping harder. I guess you might’ve received an error 
about gpg not being able to open the signature file. Does the file exist?

____
⁽¹⁾ Based on documentation, aria2 seems to disable integrity checks by 
default. I was not aware of this before and imagine astonishment on my 
face. But this does not apply to your case, because of the `-V` option.