while downloading the whonix images and signautre, the .asc file completed but the .xz was still downloading
i tried to run gpg --verify Whonix*.asc and I got the “bad signature”, but it shows that it was signed by hulahoop and the time and everything.
when the download for .xz finished i ran gpg --verify again and I got good signature.
is this correct? or did I download malware that changes pgp keys?