unfortunatly it's not that easy , RedHat reveals the ISO checksums only to subscription owners. And to check if the ISOs are untampered and genuine, noone can rely only to chinese or russian sites, as XcodeGhost has shown. ti
A word of caution here .... a checksum is only as reliable as it's source . If it's just a distro that you want to checkout or experiment with .... fine. But for me , if it was my main OS and it was going to be used for anything personal or financial ( banking or booking flights for example ) then I would definitely not be comfortable with using a checksum posted on an open forum. I think this is why there is an ongoing move towards the use of signing keys as a more secure and trustworthy alternative to verifying downloads by checksum (s) . But using signing keys is not as easy as comparing checksums ..... swings and roundabouts -